Export limit exceeded: 325309 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (325309 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-15232 | 1 Libjpeg-turbo | 1 Libjpeg-turbo | 2025-04-20 | N/A |
| libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. | ||||
| CVE-2017-15370 | 2 Debian, Sound Exchange Project | 2 Debian Linux, Sound Exchange | 2025-04-20 | N/A |
| There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | ||||
| CVE-2017-15371 | 2 Debian, Sound Exchange Project | 2 Debian Linux, Sound Exchange | 2025-04-20 | N/A |
| There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | ||||
| CVE-2017-15642 | 2 Debian, Sound Exchange Project | 2 Debian Linux, Sound Exchange | 2025-04-20 | N/A |
| In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. | ||||
| CVE-2017-16612 | 3 Canonical, Debian, X | 3 Ubuntu Linux, Debian Linux, Libxcursor | 2025-04-20 | N/A |
| libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0. | ||||
| CVE-2017-17669 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2025-04-20 | 5.5 Medium |
| There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. | ||||
| CVE-2017-17784 | 3 Canonical, Debian, Gimp | 3 Ubuntu Linux, Debian Linux, Gimp | 2025-04-20 | 7.8 High |
| In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. | ||||
| CVE-2017-17788 | 3 Canonical, Debian, Gimp | 3 Ubuntu Linux, Debian Linux, Gimp | 2025-04-20 | 5.5 Medium |
| In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. | ||||
| CVE-2017-17875 | 1 Jextn | 1 Jextn Faq Pro | 2025-04-20 | N/A |
| The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action. | ||||
| CVE-2017-17876 | 1 Iwcnetwork | 1 Shift | 2025-04-20 | N/A |
| Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. | ||||
| CVE-2017-17912 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2025-04-20 | N/A |
| In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. | ||||
| CVE-2017-17928 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | N/A |
| PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | ||||
| CVE-2017-17930 | 1 Ordermanagementscript | 1 Professional Service Script | 2025-04-20 | N/A |
| PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. | ||||
| CVE-2017-2295 | 3 Debian, Puppet, Redhat | 4 Debian Linux, Puppet, Satellite and 1 more | 2025-04-20 | N/A |
| Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. | ||||
| CVE-2017-1000250 | 2 Bluez, Redhat | 2 Bluez, Enterprise Linux | 2025-04-20 | N/A |
| All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. | ||||
| CVE-2017-12413 | 1 Axis | 2 2100 Network Camera, 2100 Network Camera Firmware | 2025-04-20 | N/A |
| AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml. | ||||
| CVE-2017-12418 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. | ||||
| CVE-2017-12427 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function. | ||||
| CVE-2017-12432 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service. | ||||
| CVE-2017-12439 | 1 Socusoft | 1 Flash Slideshow Maker | 2025-04-20 | 7.5 High |
| SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated redirection issues. | ||||