Export limit exceeded: 10014 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10014 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15570 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | N/A |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. | ||||
| CVE-2017-15571 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | N/A |
| In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. | ||||
| CVE-2017-15572 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | N/A |
| In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect. | ||||
| CVE-2017-15573 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | N/A |
| In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. | ||||
| CVE-2017-15574 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | N/A |
| In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. | ||||
| CVE-2017-15575 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | N/A |
| In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact. | ||||
| CVE-2017-15576 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | N/A |
| Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2017-15577 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-20 | N/A |
| Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2017-15642 | 2 Debian, Sound Exchange Project | 2 Debian Linux, Sound Exchange | 2025-04-20 | N/A |
| In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. | ||||
| CVE-2017-15672 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | N/A |
| The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. | ||||
| CVE-2017-15722 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2025-04-20 | N/A |
| In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. | ||||
| CVE-2017-15723 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2025-04-20 | N/A |
| In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. | ||||
| CVE-2017-15864 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2025-04-20 | N/A |
| In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password. | ||||
| CVE-2017-15868 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 7.8 High |
| The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. | ||||
| CVE-2017-15924 | 2 Debian, Shadowsocks | 2 Debian Linux, Shadowsocks-libev | 2025-04-20 | N/A |
| In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. | ||||
| CVE-2017-15930 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2025-04-20 | N/A |
| In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. | ||||
| CVE-2017-15953 | 2 Bchunk Project, Debian | 2 Bchunk, Debian Linux | 2025-04-20 | N/A |
| bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file. | ||||
| CVE-2017-15954 | 2 Bchunk Project, Debian | 2 Bchunk, Debian Linux | 2025-04-20 | N/A |
| bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file. | ||||
| CVE-2017-15955 | 2 Bchunk Project, Debian | 2 Bchunk, Debian Linux | 2025-04-20 | N/A |
| bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file. | ||||
| CVE-2017-16352 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2025-04-20 | N/A |
| GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag. | ||||