Search
Total
2662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12775 | 1 Question2answer | 1 Question2answer | 2017-09-05 | 5.0 MEDIUM | 7.5 HIGH |
| qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts. | |||||
| CVE-2016-1464 | 1 Cisco | 1 Webex Wrf Player T29 | 2017-09-03 | 9.3 HIGH | 7.8 HIGH |
| Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. | |||||
| CVE-2017-12961 | 1 Gnu | 1 Pspp | 2017-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | |||||
| CVE-2017-3316 | 1 Oracle | 1 Vm Virtualbox | 2017-09-02 | 6.0 MEDIUM | 8.4 HIGH |
| Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). | |||||
| CVE-2016-1374 | 1 Cisco | 1 Unified Computing System Performance Manager | 2017-09-01 | 9.0 HIGH | 8.8 HIGH |
| The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827. | |||||
| CVE-2016-1450 | 1 Cisco | 1 Webex Meetings Server | 2017-09-01 | 6.0 MEDIUM | 7.5 HIGH |
| Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715. | |||||
| CVE-2017-0312 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-09-01 | 7.2 HIGH | 7.8 HIGH |
| All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potential escalation of privileges | |||||
| CVE-2016-1463 | 1 Cisco | 1 Firesight System Software | 2017-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737. | |||||
| CVE-2016-1263 | 1 Juniper | 1 Junos | 2017-09-01 | 7.8 HIGH | 7.5 HIGH |
| Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3X48 before 12.3X48-D30, 13.3 before 13.3R9-S1, 14.1 before 14.1R7, 14.2 before 14.2R6, 15.1 before 15.1F2-S5, 15.1F4 before 15.1F4-S2, 15.1R before 15.1R2-S3, 15.1 before 15.1R3, and 15.1X49 before 15.1X49-D40 allow remote attackers to cause a denial of service (kernel crash) via a crafted UDP packet destined to the interface IP address of a 64-bit OS device. | |||||
| CVE-2016-4641 | 1 Apple | 1 Mac Os X | 2017-09-01 | 9.3 HIGH | 7.3 HIGH |
| Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion." | |||||
| CVE-2017-3752 | 2 Ibm, Lenovo | 30 1\, 1g L2-7 Slb, Bladecenter and 27 more | 2017-08-30 | 4.3 MEDIUM | 8.2 HIGH |
| An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain. | |||||
| CVE-2017-13735 | 1 Libraw | 1 Libraw | 2017-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. | |||||
| CVE-2017-13692 | 1 Htacg | 1 Tidy | 2017-08-30 | 5.0 MEDIUM | 7.5 HIGH |
| In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. | |||||
| CVE-2017-12784 | 1 Ccfile | 1 Cc File Transfer | 2017-08-25 | 5.0 MEDIUM | 7.5 HIGH |
| In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787. | |||||
| CVE-2017-12426 | 1 Gitlab | 1 Gitlab | 2017-08-25 | 6.8 MEDIUM | 8.8 HIGH |
| GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. | |||||
| CVE-2015-2291 | 2 Intel, Microsoft | 3 Ethernet Diagnostics Driver Iqvw32.sys, Ethernet Diagnostics Driver Iqvw64.sys, Windows | 2017-08-24 | 7.2 HIGH | 7.8 HIGH |
| (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. | |||||
| CVE-2016-1479 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2017-08-16 | 7.8 HIGH | 7.5 HIGH |
| Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. | |||||
| CVE-2016-1409 | 1 Cisco | 4 Ios, Ios Xe, Ios Xr and 1 more | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016. | |||||
| CVE-2016-1430 | 1 Cisco | 4 Rv180 Vpn Router, Rv180 Vpn Router Firmware, Rv180w Vpn Router and 1 more | 2017-08-16 | 9.0 HIGH | 8.8 HIGH |
| Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592. | |||||
| CVE-2017-7478 | 1 Openvpn | 1 Openvpn | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. | |||||
| CVE-2017-7456 | 1 Moxa | 1 Mxview | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials. | |||||
| CVE-2016-1478 | 1 Cisco | 1 Ios | 2017-08-16 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619. | |||||
| CVE-2016-1419 | 1 Cisco | 2 Aironet, Aironet Access Point Software | 2017-08-16 | 6.8 MEDIUM | 8.1 HIGH |
| Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803. | |||||
| CVE-2016-1484 | 1 Cisco | 1 Webex Meetings Server | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724. | |||||
| CVE-2016-1365 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2017-08-16 | 8.5 HIGH | 8.8 HIGH |
| The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507. | |||||
| CVE-2017-8664 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2017-08-15 | 7.2 HIGH | 8.8 HIGH |
| Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability". | |||||
| CVE-2016-1472 | 1 Cisco | 1 Small Business 220 Series Smart Plus Switches | 2017-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238. | |||||
| CVE-2017-0249 | 1 Microsoft | 19 Microsoft.aspnetcore.mvc, Microsoft.aspnetcore.mvc.abstractions, Microsoft.aspnetcore.mvc.apiexplorer and 16 more | 2017-08-10 | 7.5 HIGH | 7.3 HIGH |
| An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | |||||
| CVE-2017-9801 | 1 Apache | 1 Commons Email | 2017-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers. | |||||
| CVE-2016-4431 | 1 Apache | 1 Struts | 2017-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method. | |||||
| CVE-2016-4433 | 1 Apache | 1 Struts | 2017-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request. | |||||
| CVE-2017-6746 | 1 Cisco | 1 Web Security Appliance | 2017-08-08 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235. | |||||
| CVE-2017-1460 | 1 Ibm | 1 I | 2017-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379. | |||||
| CVE-2016-6379 | 1 Cisco | 2 Ios, Ios Xe | 2017-07-30 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089. | |||||
| CVE-2016-1483 | 1 Cisco | 1 Webex Meetings Server | 2017-07-30 | 7.8 HIGH | 7.5 HIGH |
| Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704. | |||||
| CVE-2016-4698 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-30 | 9.3 HIGH | 7.8 HIGH |
| AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 mishandles process entitlement and Team ID values in the task port inheritance policy, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-6411 | 1 Cisco | 1 Firesight System Software | 2017-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585. | |||||
| CVE-2016-6422 | 1 Cisco | 1 Ios | 2017-07-30 | 4.3 MEDIUM | 7.5 HIGH |
| Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for 6500 and 7600 devices mishandles certain operators, flags, and keywords in TCAM share ACLs, which allows remote attackers to bypass intended access restrictions by sending packets that should have been recognized by a filter, aka Bug ID CSCuy64806. | |||||
| CVE-2016-6426 | 1 Cisco | 2 Unified Contact Center Express, Unified Intelligence Center | 2017-07-30 | 4.3 MEDIUM | 7.5 HIGH |
| The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. | |||||
| CVE-2016-4711 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output. | |||||
| CVE-2016-8870 | 1 Joomla | 1 Joomla\! | 2017-07-29 | 6.8 MEDIUM | 8.1 HIGH |
| The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. | |||||
| CVE-2016-6360 | 1 Cisco | 2 Email Security Appliance, Web Security Appliance | 2017-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233. | |||||
| CVE-2016-1481 | 1 Cisco | 1 Email Security Appliance | 2017-07-29 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. More Information: CSCux59873. Known Affected Releases: 8.5.6-106 9.1.0-032 9.7.0-125. Known Fixed Releases: 9.1.1-038 9.7.1-066. | |||||
| CVE-2016-8563 | 1 Siemens | 1 Automation License Manager | 2017-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410. | |||||
| CVE-2016-6372 | 1 Cisco | 3 Email Security Appliance, Web Security Appliance, Web Security Appliance 8.0.5 | 2017-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. | |||||
| CVE-2016-6458 | 1 Cisco | 1 Email Security Appliance Firmware | 2017-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to use a content filter for email attachments that are protected or encrypted. More Information: CSCva52546. Known Affected Releases: 10.0.0-125 9.7.1-066. | |||||
| CVE-2016-6358 | 1 Cisco | 1 Email Security Appliance | 2017-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038. | |||||
| CVE-2016-6356 | 1 Cisco | 1 Email Security Appliance | 2017-07-29 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. | |||||
| CVE-2016-0909 | 1 Emc | 2 Avamar Data Store, Avamar Server Virtual Edition | 2017-07-29 | 7.2 HIGH | 8.4 HIGH |
| EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. | |||||
| CVE-2017-11555 | 1 Libsass | 1 Libsass | 2017-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. | |||||