Export limit exceeded: 364697 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364697 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1276 1 Ibm 2 Rational Doors Next Generation, Rational Requirements Composer 2025-04-20 N/A
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751.
CVE-2017-12762 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2025-04-20 9.8 Critical
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.
CVE-2017-12763 3 Apple, Linux, Nomachine 3 Mac Os X, Linux Kernel, Nomachine 2025-04-20 N/A
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
CVE-2017-12774 1 Finecms Project 1 Finecms 2025-04-20 N/A
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database
CVE-2017-12779 1 Matroska 1 Mkvalidator 2025-04-20 N/A
The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
CVE-2017-1278 1 Ibm 2 Rational Doors Next Generation, Rational Requirements Composer 2025-04-20 N/A
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756.
CVE-2017-12780 1 Matroska 3 Libebml2, Mkclean, Mkvalidator 2025-04-20 N/A
The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.
CVE-2017-12781 1 Matroska 3 Libebml2, Mkclean, Mkvalidator 2025-04-20 N/A
The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
CVE-2017-12782 1 Matroska 3 Libebml2, Mkclean, Mkvalidator 2025-04-20 N/A
The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
CVE-2017-12783 1 Matroska 3 Libebml2, Mkclean, Mkvalidator 2025-04-20 N/A
The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
CVE-2017-12784 1 Ccfile 1 Cc File Transfer 2025-04-20 N/A
In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787.
CVE-2017-12785 1 Noviflow 1 Noviware 2025-04-20 N/A
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.
CVE-2017-12786 1 Noviflow 1 Noviware 2025-04-20 N/A
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.
CVE-2017-12787 1 Noviflow 1 Noviware 2025-04-20 N/A
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow.
CVE-2017-12791 1 Saltstack 1 Salt 2025-04-20 N/A
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
CVE-2017-12792 1 Nexusphp Project 1 Nexusphp 2025-04-20 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.
CVE-2017-12794 1 Djangoproject 1 Django 2025-04-20 N/A
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
CVE-2017-12796 1 Openmrs 1 Openmrs 2025-04-20 N/A
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request.
CVE-2017-12797 1 Mpg123 1 Mpg123 2025-04-20 N/A
Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
CVE-2017-12799 1 Gnu 1 Binutils 2025-04-20 N/A
The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.