The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-10780 | XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b4a. | Medium | Jul 10, 2017 |
| CVE-2017-14580 | XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a User Mode Write AV starting at jbig2dec+0x000000000000870f. | Medium | Sep 21, 2017 |
| CVE-2017-15802 | XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087. | Medium | Oct 24, 2017 |
| CVE-2017-15801 | XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e. | Medium | Oct 24, 2017 |
| CVE-2017-15803 | XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000150. | Medium | Oct 24, 2017 |
| CVE-2017-15786 | XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a Read Access Violation starting at CADImage+0x00000000001a78db. | Medium | Oct 24, 2017 |
| CVE-2017-15773 | XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a Read Access Violation starting at CADImage+0x0000000000285d79. | Medium | Oct 24, 2017 |
| CVE-2017-15780 | XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a Read Access Violation starting at CADImage+0x0000000000285dad. | Medium | Oct 24, 2017 |
| CVE-2017-15778 | XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a Read Access Violation starting at CADImage+0x0000000000285de7. | Medium | Oct 24, 2017 |
| CVE-2017-15775 | XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000259aa4. | Medium | Oct 24, 2017 |
| CVE-2017-15783 | XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000285ce1. | Medium | Oct 24, 2017 |
| CVE-2017-15772 | XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285e9d. | Medium | Oct 24, 2017 |
| CVE-2017-15776 | XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285ec1. | Medium | Oct 24, 2017 |
| CVE-2017-15785 | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79. | Medium | Oct 24, 2017 |
| CVE-2017-15787 | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a Data Execution Prevention Violation starting at xnview+0x0000000000580063. | Medium | Oct 24, 2017 |
| CVE-2017-15781 | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76. | Medium | Oct 24, 2017 |
| CVE-2017-15777 | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a User Mode Write AV near NULL starting at CADImage+0x0000000000288750. | Medium | Oct 24, 2017 |
| CVE-2017-15788 | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a User Mode Write AV starting at CADImage+0x0000000000002d83. | Medium | Oct 24, 2017 |
| CVE-2017-15782 | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a User Mode Write AV starting at CADImage+0x00000000000032eb. | Medium | Oct 24, 2017 |
| CVE-2017-15789 | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a User Mode Write AV starting at CADImage+0x00000000000048e7. | Medium | Oct 24, 2017 |
| CVE-2017-15784 | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an Illegal Instruction Violation starting at xnview+0x0000000000370074. | Medium | Oct 24, 2017 |
| CVE-2017-15774 | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to Data from Faulting Address controls Code Flow starting at CADImage+0x0000000000221a9a. | Medium | Oct 24, 2017 |
| CVE-2017-15779 | XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0. | Medium | Oct 24, 2017 |
| CVE-2019-9963 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap. | MEDIUM | Mar 26, 2019 |
| CVE-2019-9964 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey. | MEDIUM | Mar 26, 2019 |
| CVE-2019-9965 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap. | MEDIUM | Mar 26, 2019 |
| CVE-2019-9962 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. | MEDIUM | Mar 26, 2019 |
| CVE-2020-23887 | XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33. | MEDIUM | Nov 11, 2021 |
| CVE-2020-23886 | XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree. | MEDIUM | Nov 11, 2021 |
| CVE-2013-3939 | xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow. | MEDIUM | Jan 15, 2020 |
| CVE-2023-43906 | Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. | -- | Oct 26, 2023 |
| CVE-2011-3822 | XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files. | Medium | Sep 26, 2011 |
| CVE-2017-12138 | XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. | Medium | Aug 4, 2017 |
| CVE-2017-12139 | XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php. | Medium | Aug 4, 2017 |
| CVE-2017-7944 | XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php. | MEDIUM | Apr 24, 2017 |
| CVE-2013-4692 | Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS | MEDIUM | Jan 4, 2020 |
| CVE-2017-12178 | xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 |
| CVE-2017-12176 | xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 |
| CVE-2017-12185 | xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 |
| CVE-2017-12187 | xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 |
| CVE-2017-12186 | xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 |
| CVE-2017-12183 | xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 |
| CVE-2017-12181 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 |
| CVE-2017-12182 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 |
| CVE-2017-12180 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 |
| CVE-2017-12184 | xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 |
| CVE-2017-12179 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 |
| CVE-2017-12177 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 |
| CVE-2018-11718 | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. | MEDIUM | Aug 30, 2018 |
| CVE-2018-11720 | Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal. | MEDIUM | Aug 30, 2018 |
