Search Results (26297 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-11761 1 Microsoft 1 Exchange Server 2025-04-20 N/A
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"
CVE-2017-2364 1 Apple 2 Iphone Os, Safari 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
CVE-2017-1422 1 Ibm 1 Maas360 Dtm 2025-04-20 N/A
IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412.
CVE-2017-9512 1 Atlassian 2 Crucible, Fisheye 2025-04-20 7.5 High
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
CVE-2016-5391 2 Fedoraproject, Libreswan 2 Fedora, Libreswan 2025-04-20 N/A
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
CVE-2017-5041 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page.
CVE-2016-7431 1 Ntp 1 Ntp 2025-04-20 N/A
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
CVE-2017-15583 1 Hitachienergy 2 Fox515t, Fox515t Firmware 2025-04-20 N/A
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.
CVE-2017-3162 1 Apache 1 Hadoop 2025-04-20 N/A
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.
CVE-2017-5223 1 Phpmailer Project 1 Phpmailer 2025-04-20 N/A
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory.
CVE-2016-8884 3 Fedoraproject, Jasper Project, Redhat 3 Fedora, Jasper, Enterprise Linux 2025-04-20 N/A
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.
CVE-2015-7691 5 Debian, Netapp, Ntp and 2 more 14 Debian Linux, Clustered Data Ontap, Data Ontap and 11 more 2025-04-20 7.5 High
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CVE-2016-8602 2 Artifex, Redhat 2 Ghostscript, Enterprise Linux 2025-04-20 N/A
The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.
CVE-2016-2374 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2025-04-20 N/A
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.
CVE-2016-0270 1 Ibm 3 Client Application Access, Domino, Notes 2025-04-20 N/A
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.
CVE-2015-6567 1 Wolfcms 1 Wolf Cms 2025-04-20 N/A
Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality.
CVE-2017-2448 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the "Keychain" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets.
CVE-2017-14098 1 Digium 1 Asterisk 2025-04-20 N/A
In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.
CVE-2017-14482 3 Debian, Gnu, Redhat 3 Debian Linux, Emacs, Enterprise Linux 2025-04-20 N/A
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
CVE-2014-8722 1 Get-simple 1 Getsimple Cms 2025-04-20 N/A
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.