Search Results (25419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6097 1 Ibm 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager 2025-04-20 N/A
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system.
CVE-2017-0063 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2025-04-20 N/A
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061.
CVE-2016-6246 1 Openbsd 1 Openbsd 2025-04-20 N/A
OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node.
CVE-2017-11394 1 Trendmicro 1 Officescan 2025-04-20 N/A
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
CVE-2017-14085 1 Trendmicro 1 Officescan 2025-04-20 N/A
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
CVE-2017-11450 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 8.8 High
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
CVE-2015-3254 2 Apache, Redhat 4 Thrift, Jboss Amq, Jboss Data Virtualization and 1 more 2025-04-20 N/A
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
CVE-2016-6341 1 Ovirt 1 Ovirt 2025-04-20 N/A
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
CVE-2016-9932 1 Xen 1 Xen 2025-04-20 N/A
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
CVE-2016-6883 1 Matrixssl 1 Matrixssl 2025-04-20 N/A
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.
CVE-2017-10923 1 Xen 1 Xen 2025-04-20 N/A
Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225.
CVE-2016-6887 1 Matrixssl 1 Matrixssl 2025-04-20 N/A
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack.
CVE-2016-6024 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2025-04-20 N/A
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868.
CVE-2016-9939 2 Cryptopp, Debian 2 Crypto\+\+, Debian Linux 2025-04-20 N/A
Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation.
CVE-2017-11461 1 Netapp 1 Oncommand Unified Manager 2025-04-20 N/A
NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface.
CVE-2016-7467 1 F5 1 Big-ip Access Policy Manager 2025-04-20 N/A
The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.
CVE-2016-9955 2 Debian, Simplesamlphp 2 Debian Linux, Simplesamlphp 2025-04-20 N/A
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean.
CVE-2017-10679 1 Piwigo 1 Piwigo 2025-04-20 N/A
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed.
CVE-2017-0011 1 Microsoft 1 Edge 2025-04-20 N/A
Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.
CVE-2016-7536 1 Imagemagick 1 Imagemagick 2025-04-20 6.5 Medium
magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile.