Export limit exceeded: 10931 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10931 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14005 | 1 Prominent | 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware | 2025-04-20 | N/A |
| An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling future access and possible configuration changes. | ||||
| CVE-2017-3839 | 1 Cisco | 1 Secure Access Control System | 2025-04-20 | N/A |
| An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5). | ||||
| CVE-2017-1398 | 1 Ibm | 1 Websphere Commerce | 2025-04-20 | N/A |
| IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385. | ||||
| CVE-2017-3889 | 1 Cisco | 1 Registered Envelope Service | 2025-04-20 | N/A |
| A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015. | ||||
| CVE-2017-1383 | 1 Ibm | 2 Infosphere Information Server, Softlayer | 2025-04-20 | N/A |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155. | ||||
| CVE-2017-5002 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-20 | N/A |
| EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred. | ||||
| CVE-2017-7551 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux | 2025-04-20 | N/A |
| 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | ||||
| CVE-2017-13752 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 7.5 High |
| There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | ||||
| CVE-2017-13751 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 7.5 High |
| There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | ||||
| CVE-2017-5474 | 1 S9y | 1 Serendipity | 2025-04-20 | N/A |
| Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. | ||||
| CVE-2017-13750 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 7.5 High |
| There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. | ||||
| CVE-2017-13749 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 7.5 High |
| There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | ||||
| CVE-2017-13747 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 7.5 High |
| There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | ||||
| CVE-2017-13746 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2025-04-20 | 7.5 High |
| There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. | ||||
| CVE-2017-5571 | 1 Flexerasoftware | 1 Flexnet Publisher | 2025-04-20 | N/A |
| Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2017-5594 | 1 Pagekit | 1 Pagekit | 2025-04-20 | 7.5 High |
| An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01. | ||||
| CVE-2017-8171 | 1 Huawei | 2 P10 Plus, P10 Plus Firmware | 2025-04-20 | N/A |
| Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to bypass the Google account verification. As a result, the FRP function is bypassed. | ||||
| CVE-2017-8185 | 1 Huawei | 2 Me906s-158, Me906s-158 Firmware | 2025-04-20 | N/A |
| ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code. | ||||
| CVE-2017-8295 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message. | ||||
| CVE-2017-8326 | 1 Entropymine | 1 Imageworsener | 2025-04-20 | N/A |
| libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type int" undefined behavior issues, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image, related to imagew-bmp.c and imagew-util.c. | ||||