Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12287 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12287 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10149 | 3 Debian, Pysaml2 Project, Redhat | 3 Debian Linux, Pysaml2, Openstack | 2025-04-20 | N/A |
| XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. | ||||
| CVE-2017-8418 | 1 Rubocop Project | 1 Rubocop | 2025-04-20 | N/A |
| RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users. | ||||
| CVE-2017-8451 | 1 Elastic | 1 Kibana | 2025-04-20 | N/A |
| With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | ||||
| CVE-2017-8535 | 1 Microsoft | 13 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 10 more | 2025-04-20 | 5.5 Medium |
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. | ||||
| CVE-2017-0819 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918. | ||||
| CVE-2017-0882 | 1 Gitlab | 1 Gitlab | 2025-04-20 | N/A |
| Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC. | ||||
| CVE-2017-0886 | 1 Nextcloud | 1 Nextcloud Server | 2025-04-20 | 6.5 Medium |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service. | ||||
| CVE-2017-1000013 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-20 | N/A |
| phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness | ||||
| CVE-2017-1000021 | 1 Logicaldoc | 1 Logicaldoc | 2025-04-20 | N/A |
| LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. | ||||
| CVE-2017-1000027 | 1 Koozali | 1 Sme Server | 2025-04-20 | N/A |
| Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access. | ||||
| CVE-2017-1000070 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2025-04-20 | N/A |
| The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819 | ||||
| CVE-2017-7533 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more | 2025-04-20 | 7.0 High |
| Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions. | ||||
| CVE-2014-9942 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist. | ||||
| CVE-2017-12138 | 1 Xoops | 1 Xoops | 2025-04-20 | N/A |
| XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. | ||||
| CVE-2017-12159 | 2 Keycloak, Redhat | 5 Keycloak, Enterprise Linux Server, Jboss Single Sign On and 2 more | 2025-04-20 | N/A |
| It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks. | ||||
| CVE-2017-6604 | 1 Cisco | 1 Unified Computing System | 2025-04-20 | N/A |
| A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability affects the following Cisco products running Cisco IMC Software: Unified Computing System (UCS) B-Series M3 and M4 Blade Servers, Unified Computing System (UCS) C-Series M3 and M4 Rack Servers. More Information: CSCvc37931. Known Affected Releases: 3.1(2c)B. | ||||
| CVE-2017-12847 | 1 Nagios | 1 Nagios | 2025-04-20 | N/A |
| Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | ||||
| CVE-2017-12850 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
| An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46. | ||||
| CVE-2017-12851 | 1 Kanboard | 1 Kanboard | 2025-04-20 | N/A |
| An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46. | ||||
| CVE-2017-12964 | 1 Libsass | 1 Libsass | 2025-04-20 | N/A |
| There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. | ||||