Search Results (26284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8323 1 Aircrack-ng 1 Aircrack-ng 2025-04-20 N/A
buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter.
CVE-2016-8982 1 Ibm 1 Infosphere Datastage 2025-04-20 N/A
IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history.
CVE-2016-8987 1 Ibm 1 Maximo Asset Management 2025-04-20 N/A
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view.
CVE-2016-9009 1 Ibm 1 Websphere Mq 2025-04-20 N/A
IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.
CVE-2016-9963 3 Canonical, Debian, Exim 3 Ubuntu Linux, Debian Linux, Exim 2025-04-20 N/A
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
CVE-2017-14520 1 Freedesktop 1 Poppler 2025-04-20 N/A
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.
CVE-2017-3498 1 Oracle 1 Solaris 2025-04-20 N/A
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
CVE-2014-8705 1 Wondercms 1 Wondercms 2025-04-20 N/A
PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter.
CVE-2017-14583 1 Netapp 1 Clustered Data Ontap 2025-04-20 N/A
NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.
CVE-2017-14589 1 Atlassian 1 Bamboo 2025-04-20 N/A
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.
CVE-2017-1460 1 Ibm 1 I 2025-04-20 N/A
IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379.
CVE-2017-14603 1 Digium 2 Asterisk, Certified Asterisk 2025-04-20 N/A
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.
CVE-2017-14696 1 Saltstack 1 Salt 2025-04-20 N/A
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.
CVE-2016-9129 1 Revive-adserver 1 Revive Adserver 2025-04-20 N/A
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot however be used directly to log in to the system, which requires a username.
CVE-2017-14821 1 Foxitsoftware 1 Foxit Reader 2025-04-20 N/A
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5013.
CVE-2017-14909 1 Google 1 Android 2025-04-20 N/A
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated.
CVE-2017-14943 1 Trapezegroup 1 Transitmaster 2025-04-20 N/A
Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the "webwatch.(REDACTED).com" server mentioned in the reference.
CVE-2017-14954 1 Linux 1 Linux Kernel 2025-04-20 N/A
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.
CVE-2017-14967 1 Ikarussecurity 1 Anti.virus 2025-04-20 N/A
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080.
CVE-2017-14971 1 Infocuscorp 1 Infocus Mondopad 2025-04-20 N/A
Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario, the attacker provides an Excel spreadsheet, and the attacker-controller server receives the victim's NetNTLMv2 hash.