Search
Total
9231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-17138 | 1 Huawei | 48 Dp300, Dp300 Firmware, Ips Module and 45 more | 2018-03-27 | 2.1 LOW | 5.5 MEDIUM |
| PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a DoS vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker can make processing into deadloop by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service. | |||||
| CVE-2016-0276 | 1 Ibm | 1 Financial Transaction Manager | 2018-03-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. IBM X-Force ID: 111084. | |||||
| CVE-2018-7583 | 1 Advantig | 1 Dualdesk | 2018-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500. | |||||
| CVE-2016-8785 | 1 Huawei | 8 S12700, S12700 Firmware, S5700 and 5 more | 2018-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakage. | |||||
| CVE-2016-8786 | 1 Huawei | 10 S12700, S12700 Firmware, S5700 and 7 more | 2018-03-26 | 7.8 HIGH | 7.5 HIGH |
| Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart. | |||||
| CVE-2017-7671 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2018-03-23 | 5.0 MEDIUM | 7.5 HIGH |
| There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump. | |||||
| CVE-2017-6154 | 1 F5 | 1 Big-ip Application Security Manager | 2018-03-23 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores. | |||||
| CVE-2017-6150 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2018-03-23 | 7.8 HIGH | 7.5 HIGH |
| Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM). | |||||
| CVE-2017-7597 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 6.8 MEDIUM | 7.8 HIGH |
| tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-7601 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-7600 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-7599 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-7596 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-7592 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 6.8 MEDIUM | 7.8 HIGH |
| The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-10688 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 5.0 MEDIUM | 7.5 HIGH |
| In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2016-10371 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file. | |||||
| CVE-2017-5660 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2018-03-21 | 5.0 MEDIUM | 8.6 HIGH |
| There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used. | |||||
| CVE-2011-3477 | 1 Symantec | 4 Backup Exec System Recovery, Norton 360, Norton Ghost and 1 more | 2018-03-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors. | |||||
| CVE-2018-5763 | 1 Oxid-esales | 1 Eshop | 2018-03-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used. | |||||
| CVE-2014-3206 | 1 Seagate | 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more | 2018-03-19 | 10.0 HIGH | 9.8 CRITICAL |
| Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. | |||||
| CVE-2015-2081 | 1 Datto | 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more | 2018-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts. | |||||
| CVE-2017-16813 | 1 Foxitsoftware | 1 Mobilepdf | 2018-03-16 | 2.9 LOW | 5.5 MEDIUM |
| A denial-of-service issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs when a user uploads a file that includes a hexadecimal Unicode character in the "filename" parameter via Wi-Fi, since the app could fail to parse this. | |||||
| CVE-2017-18200 | 1 Linux | 1 Linux Kernel | 2018-03-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim. | |||||
| CVE-2016-2570 | 1 Squid-cache | 1 Squid | 2018-03-16 | 5.0 MEDIUM | 7.5 HIGH |
| The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. | |||||
| CVE-2017-14489 | 1 Linux | 1 Linux Kernel | 2018-03-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. | |||||
| CVE-2016-2571 | 1 Squid-cache | 1 Squid | 2018-03-16 | 5.0 MEDIUM | 7.5 HIGH |
| http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | |||||
| CVE-2016-2569 | 1 Squid-cache | 1 Squid | 2018-03-16 | 5.0 MEDIUM | 7.5 HIGH |
| Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. | |||||
| CVE-2017-15699 | 1 Apache | 2 Qpid Dispatch, Qpid Dispatch Firmware | 2018-03-15 | 6.8 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down. | |||||
| CVE-2017-18088 | 1 Atlassian | 1 Bitbucket | 2018-03-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection. | |||||
| CVE-2017-8969 | 1 Hp | 1 Insight Control | 2018-03-15 | 3.5 LOW | 5.7 MEDIUM |
| An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found. | |||||
| CVE-2018-5767 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2018-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. | |||||
| CVE-2015-5674 | 1 Freebsd | 1 Freebsd | 2018-03-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected. | |||||
| CVE-2017-17159 | 1 Huawei | 4 Mt8-emui4.1, Mt8-emui4.1 Firmware, Nts-al00 and 1 more | 2018-03-14 | 6.1 MEDIUM | 6.5 MEDIUM |
| Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart. | |||||
| CVE-2017-17201 | 1 Huawei | 12 Berlin-emui5.0, Berlin-emui5.0 Firmware, Berlin-l21 and 9 more | 2018-03-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| Some huawei smartphones with software BTV-DL09C233B350, Berlin-L21HNC432B360, Berlin-L22HNC636B360, Berlin-L24HNC567B360, Berlin-L21C10B130, Berlin-L21C185B132, Berlin-L21C464B130, Berlin-L22C346B140, Berlin-L22C636B160, Berlin-L23C605B131, Berlin-L23DOMC109B160, MHA-AL00AC00B125 have a DoS vulnerability. Due to insufficient input validation, an attacker could trick a user to execute a malicious application, which could be exploited by attacker to launch DoS attacks. | |||||
| CVE-2017-6169 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2018-03-13 | 4.3 MEDIUM | 6.8 MEDIUM |
| In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virtual server using the URL categorization feature may cause the Traffic Management Microkernel (TMM) to produce a core file when it receives malformed URLs during categorization. | |||||
| CVE-2014-8420 | 1 Sonicwall | 3 Analyzer, Global Management System, Uma Em5000 | 2018-03-12 | 9.0 HIGH | N/A |
| The ViewPoint web application in Dell SonicWALL Global Management System (GMS) before 7.2 SP2, SonicWALL Analyzer before 7.2 SP2, and SonicWALL UMA before 7.2 SP2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-8530 | 1 Hp | 1 Intelligent Management Center | 2018-03-12 | 5.0 MEDIUM | 7.5 HIGH |
| A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version. | |||||
| CVE-2017-15817 | 1 Google | 1 Android | 2018-03-12 | 9.3 HIGH | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure. | |||||
| CVE-2018-1298 | 1 Apache | 1 Qpid Broker-j | 2018-03-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQP 1.0 and HTTP connections are not affected. An authentication of incoming AMQP connections in Apache Qpid Broker-J is performed by special entities called "Authentication Providers". Each Authentication Provider can support several SASL mechanisms which are offered to the connecting clients as part of SASL negotiation process. The client chooses the most appropriate SASL mechanism for authentication. Authentication Providers of following types supports PLAIN SASL mechanism: Plain, PlainPasswordFile, SimpleLDAP, Base64MD5PasswordFile, MD5, SCRAM-SHA-256, SCRAM-SHA-1. XOAUTH2 SASL mechanism is supported by Authentication Providers of type OAuth2. If an AMQP port is configured with any of these Authentication Providers, the Broker may be vulnerable. | |||||
| CVE-2017-8976 | 1 Hp | 1 Moonshot Provisioning Manager Appliance | 2018-03-09 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | |||||
| CVE-2017-8971 | 1 Hp | 1 Matrix Operating Environment | 2018-03-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | |||||
| CVE-2017-8972 | 1 Hp | 1 Matrix Operating Environment | 2018-03-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | |||||
| CVE-2017-17299 | 1 Huawei | 32 Ar120-s, Ar120-s Firmware, Ar1200 and 29 more | 2018-03-09 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C02, AR1200-S V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C02, AR150-S V200R006C10, V200R007C00, AR160 V200R006C10, V200R006C12, V200R007C00S, V200R007C02, AR200 V200R006C10, V200R007C00, AR200-S V200R006C10, V200R007C00, AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C02, AR2200-S V200R006C10, V200R007C00, V200R008C20, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C02, AR3600 V200R006C10, V200R007C00, AR510 V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, IPS Module V500R001C30, NIP6300 V500R001C30, NetEngine16EX V200R006C10, V200R007C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker may send crafted IKE V2 messages to the affected products. Due to the insufficient validation of the messages, successful exploit will cause invalid memory access and result in a denial of service on the affected products. | |||||
| CVE-2017-8977 | 1 Hp | 1 Moonshot Provisioning Manager Appliance | 2018-03-09 | 8.5 HIGH | 9.1 CRITICAL |
| A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | |||||
| CVE-2017-8975 | 1 Hp | 1 Moonshot Provisioning Manager Appliance | 2018-03-09 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | |||||
| CVE-2017-8973 | 1 Hp | 1 Matrix Operating Environment | 2018-03-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper input validation vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found. | |||||
| CVE-2017-5808 | 1 Hp | 1 Data Protector | 2018-03-07 | 7.8 HIGH | 7.5 HIGH |
| A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. | |||||
| CVE-2017-5794 | 1 Hp | 1 Intelligent Management Center | 2018-03-07 | 9.0 HIGH | 8.8 HIGH |
| A Remote Arbitrary File Download vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. | |||||
| CVE-2017-5793 | 1 Hp | 1 Intelligent Management Center | 2018-03-07 | 9.0 HIGH | 8.8 HIGH |
| A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Management Center (IMC) PLAT version 7.2 E0403P06 was found. | |||||
| CVE-2017-8260 | 1 Google | 1 Android | 2018-03-07 | 6.8 MEDIUM | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. | |||||