Export limit exceeded: 74910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74910 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16629 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 7.5 High |
| In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again." | ||||
| CVE-2017-16349 | 1 Sap | 1 Business Planning And Consolidation | 2024-11-21 | 8.1 High |
| An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability. | ||||
| CVE-2017-16348 | 1 Insteon | 2 Insteon Hub, Insteon Hub Firmware | 2024-11-21 | 7.5 High |
| An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability. | ||||
| CVE-2017-16337 | 1 Insteon | 2 Hub 2245-222, Hub 2245-222 Firmware | 2024-11-21 | 8.8 High |
| On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d01ef24 the value for the s_offset key is copied using strcpy to the buffer at $sp+0x2b0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | ||||
| CVE-2017-16255 | 1 Insteon | 2 Hub, Hub Firmware | 2024-11-21 | 8.1 High |
| An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at At 0x9d014e84 the value for the cmd1 key is copied using strcpy to the buffer at $sp+0x280. This buffer is 16 bytes large. | ||||
| CVE-2017-16254 | 1 Insteon | 2 Hub, Hub Firmware | 2024-11-21 | 8.1 High |
| An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | ||||
| CVE-2017-16253 | 1 Insteon | 2 Hub, Hub Firmware | 2024-11-21 | 8.1 High |
| An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request At 0x9d014dd8 the value for the id key is copied using strcpy to the buffer at $sp+0x290. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | ||||
| CVE-2017-16252 | 1 Insteon | 2 Hub 2245-222, Hub Firmware | 2024-11-21 | 8.1 High |
| Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.At 0x9d014cc0 the value for the cmd key is copied using strcpy to the buffer at $sp+0x11c. This buffer is 20 bytes large, sending anything longer will cause a buffer overflow. | ||||
| CVE-2017-16116 | 1 String Project | 1 String | 2024-11-21 | 7.5 High |
| The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed into the underscore or unescapeHTML methods. | ||||
| CVE-2017-16115 | 1 Timespan Project | 1 Timespan | 2024-11-21 | 7.5 High |
| The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds. | ||||
| CVE-2017-16099 | 1 No-case Project | 1 No-case | 2024-11-21 | 7.5 High |
| The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition. | ||||
| CVE-2017-16062 | 1 Node-tkinter Project | 1 Node-tkinter | 2024-11-21 | 7.5 High |
| node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16046 | 1 Mariadb | 1 Mariadb | 2024-11-21 | 7.5 High |
| `mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16014 | 1 Http-proxy Project | 1 Http-proxy | 2024-11-21 | 7.5 High |
| Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service. | ||||
| CVE-2017-15725 | 1 Devada | 1 Dzone Answerhub | 2024-11-21 | 7.5 High |
| An XML External Entity Injection vulnerability exists in Dzone AnswerHub. | ||||
| CVE-2017-15685 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 8.6 High |
| Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. | ||||
| CVE-2017-15684 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 7.5 High |
| Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system. | ||||
| CVE-2017-15683 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 8.6 High |
| In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band. | ||||
| CVE-2017-15518 | 1 Netapp | 2 Oncommand Api Services, Service Level Manager | 2024-11-21 | 7.8 High |
| All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required. | ||||
| CVE-2017-15139 | 2 Openstack, Redhat | 2 Cinder, Openstack | 2024-11-21 | 7.5 High |
| A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants. | ||||