Export limit exceeded: 47241 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364529 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364529 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1282 | 1 Ibm | 1 Content Navigator | 2025-04-20 | N/A |
| IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124760. | ||||
| CVE-2017-12820 | 1 Sentinel | 1 Sentinel Ldk Rte Firmware | 2025-04-20 | N/A |
| Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. | ||||
| CVE-2017-12821 | 1 Sentinel | 1 Sentinel Ldk Rte Firmware | 2025-04-20 | N/A |
| Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution. | ||||
| CVE-2017-12822 | 1 Sentinel | 1 Sentinel Ldk Rte Firmware | 2025-04-20 | N/A |
| Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors. | ||||
| CVE-2017-12823 | 1 Kaspersky | 1 Embedded Systems Security | 2025-04-20 | N/A |
| Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation. | ||||
| CVE-2017-12824 | 1 Inpage | 1 Inpage | 2025-04-20 | N/A |
| Special crafted InPage document leads to arbitrary code execution in InPage reader. | ||||
| CVE-2017-1283 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | N/A |
| IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144. | ||||
| CVE-2017-12836 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Cvs | 2025-04-20 | N/A |
| CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." | ||||
| CVE-2017-12837 | 1 Perl | 1 Perl | 2025-04-20 | N/A |
| Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier. | ||||
| CVE-2017-12838 | 1 Nexusphp Project | 1 Nexusphp | 2025-04-20 | N/A |
| Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors. | ||||
| CVE-2017-1284 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | N/A |
| IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145. | ||||
| CVE-2017-12840 | 1 Deslock | 1 Deslock\+ | 2025-04-20 | N/A |
| A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of type 0x0FA4204. The vulnerability is present due to the kernel driver failing to allocate sufficient memory on the kernel heap to contain a user supplied string as such the string is copied into a buffer of constant size (0x1000-bytes) and thus an overflow condition results. Access to the kernel driver is permitted through an obfuscated interface whereby bytes of user supplied message are "authenticated" via an obfuscation routine employing a linear equation. | ||||
| CVE-2017-12843 | 2 Cyrusimap, Fedoraproject | 2 Cyrus Imap, Fedora | 2025-04-20 | N/A |
| Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. | ||||
| CVE-2017-12844 | 1 Icewarp | 1 Mail Server | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name. | ||||
| CVE-2017-12847 | 1 Nagios | 1 Nagios | 2025-04-20 | N/A |
| Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | ||||
| CVE-2017-12849 | 1 Silverstripe | 1 Silverstripe | 2025-04-20 | N/A |
| Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks. | ||||
| CVE-2017-1285 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | N/A |
| IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146. | ||||
| CVE-2017-12850 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
| An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46. | ||||
| CVE-2017-12851 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
| An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46. | ||||
| CVE-2017-12852 | 1 Numpy | 1 Numpy | 2025-04-20 | N/A |
| The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack. | ||||