Search Results (26287 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6887 1 Matrixssl 1 Matrixssl 2025-04-20 N/A
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack.
CVE-2017-13056 1 Tracker-software 1 Pdf-xchange Viewer 2025-04-20 N/A
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2012-1301 1 Umbraco 1 Umbraco Cms 2025-04-20 9.8 Critical
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.
CVE-2016-7761 1 Apple 1 Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "WiFi" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage.
CVE-2016-7765 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Clipboard" component, which allows physically proximate attackers to obtain sensitive information in the lockscreen state by viewing clipboard contents.
CVE-2017-16952 1 Kmplayer 1 Kmplayer 2025-04-20 N/A
KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.
CVE-2016-7814 1 Iodata 4 Ts-wrla, Ts-wrla Firmware, Ts-wrlp and 1 more 2025-04-20 N/A
I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors.
CVE-2016-7821 1 Buffalotech 2 Wnc01wh, Wnc01wh Firmware 2025-04-20 N/A
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors.
CVE-2017-16951 1 Audiovalley 1 Winamp Pro 2025-04-20 5.5 Medium
Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.
CVE-2017-16894 1 Laravel 1 Laravel 2025-04-20 N/A
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
CVE-2017-16845 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-20 10.0 Critical
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
CVE-2017-16837 1 Trusted Boot Project 1 Trusted Boot 2025-04-20 N/A
Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers.
CVE-2017-16826 1 Gnu 1 Binutils 2025-04-20 N/A
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.
CVE-2016-7958 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector.
CVE-2017-16818 2 Fedoraproject, Redhat 2 Fedora, Ceph 2025-04-20 N/A
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.
CVE-2017-16787 1 Meinbergglobal 2 Lantime, Lantime Firmware 2025-04-20 N/A
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.
CVE-2016-7979 2 Artifex, Redhat 2 Ghostscript, Enterprise Linux 2025-04-20 N/A
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
CVE-2016-8652 1 Dovecot 1 Dovecot 2025-04-20 N/A
The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.
CVE-2017-15956 1 Converto Video Downloader \& Converter Project 1 Converto Video Downloader \& Converter 2025-04-20 N/A
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.
CVE-2017-1595 1 Ibm 1 Security Guardium 2025-04-20 N/A
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.