Search Results (9985 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1748 | 1 Ibm | 1 Connections | 2024-11-21 | N/A |
| IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 135521. | ||||
| CVE-2017-1693 | 1 Ibm | 1 Integration Bus | 2024-11-21 | N/A |
| IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another user's session during a small timeframe before the session times out. IBM X-Force ID: 134164. | ||||
| CVE-2017-1668 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 133562. | ||||
| CVE-2017-1666 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 133540. | ||||
| CVE-2017-1534 | 1 Ibm | 6 Security Access Manager Appliance, Security Access Manager Firmware, Security Access Manager For Mobile and 3 more | 2024-11-21 | N/A |
| IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676. | ||||
| CVE-2017-18905 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider. Session invalidation was mishandled. | ||||
| CVE-2017-18897 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection. | ||||
| CVE-2017-18891 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link. | ||||
| CVE-2017-18441 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). | ||||
| CVE-2017-18438 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). | ||||
| CVE-2017-18414 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). | ||||
| CVE-2017-18357 | 1 Shopware | 1 Shopware | 2024-11-21 | N/A |
| Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object. | ||||
| CVE-2017-18267 | 4 Canonical, Debian, Freedesktop and 1 more | 8 Ubuntu Linux, Debian Linux, Poppler and 5 more | 2024-11-21 | N/A |
| The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. | ||||
| CVE-2017-18262 | 1 Blackboard | 1 Blackboard Learn | 2024-11-21 | N/A |
| Blackboard Learn (since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. | ||||
| CVE-2017-18261 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER. | ||||
| CVE-2017-18252 | 3 Canonical, Imagemagick, Redhat | 3 Ubuntu Linux, Imagemagick, Enterprise Linux | 2024-11-21 | N/A |
| An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file. | ||||
| CVE-2017-18235 | 1 Exempi Project | 1 Exempi | 2024-11-21 | N/A |
| An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file. | ||||
| CVE-2017-18205 | 2 Redhat, Zsh Project | 2 Enterprise Linux, Zsh | 2024-11-21 | N/A |
| In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. | ||||
| CVE-2017-18204 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. | ||||
| CVE-2017-18200 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim. | ||||