Search
Total
9231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2270 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2017-07-01 | 4.6 MEDIUM | 6.8 MEDIUM |
| Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. | |||||
| CVE-2015-4652 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2017-07-01 | 4.3 MEDIUM | N/A |
| epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. | |||||
| CVE-2012-3495 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-07-01 | 6.1 MEDIUM | N/A |
| The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. | |||||
| CVE-2013-4788 | 1 Gnu | 2 Eglibc, Glibc | 2017-07-01 | 5.1 MEDIUM | N/A |
| The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. | |||||
| CVE-2012-6656 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Glibc | 2017-07-01 | 5.0 MEDIUM | N/A |
| iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a multibyte character value of "0xffff" to the iconv function when converting IBM930 encoded data to UTF-8. | |||||
| CVE-2015-7036 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-01 | 7.5 HIGH | N/A |
| The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument. | |||||
| CVE-2014-9764 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file. | |||||
| CVE-2014-9762 | 2 Debian, Enlightenment | 2 Debian Linux, Imlib2 | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap. | |||||
| CVE-2014-2899 | 1 Yassl | 1 Cyassl | 2017-07-01 | 5.0 MEDIUM | N/A |
| wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found. | |||||
| CVE-2015-1609 | 2 Fedoraproject, Mongodb | 2 Fedora, Mongodb | 2017-07-01 | 5.0 MEDIUM | N/A |
| MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | |||||
| CVE-2015-3182 | 1 Wireshark | 1 Wireshark | 2017-07-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2014-9597 | 1 Videolan | 1 Vlc Media Player | 2017-07-01 | 6.8 MEDIUM | N/A |
| The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (DEP violation and application crash) via a crafted FLV file. | |||||
| CVE-2014-9598 | 1 Videolan | 1 Vlc Media Player | 2017-07-01 | 6.8 MEDIUM | N/A |
| The picture_Release function in misc/picture.c in VideoLAN VLC media player 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service (write access violation) via a crafted M2V file. | |||||
| CVE-2015-4556 | 1 Call-cc | 1 Chicken | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2017-9741 | 1 Projectsend | 1 Projectsend | 2017-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file. | |||||
| CVE-2017-5697 | 1 Intel | 1 Active Management Technology Firmware | 2017-06-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page. | |||||
| CVE-2016-6877 | 1 Citrix | 1 Xenmobile Server | 2017-06-27 | 2.6 LOW | 5.3 MEDIUM |
| ** DISPUTED ** Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session. | |||||
| CVE-2017-6667 | 1 Cisco | 1 Context Service Development Kit | 2017-06-26 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0. | |||||
| CVE-2015-3913 | 1 Huawei | 44 S12700, S12700 Firmware, S2300 and 41 more | 2017-06-22 | 7.8 HIGH | 7.5 HIGH |
| The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. | |||||
| CVE-2017-6680 | 1 Cisco | 1 Ultra Services Framework | 2017-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0. | |||||
| CVE-2017-8555 | 1 Microsoft | 2 Edge, Windows 10 | 2017-06-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530. | |||||
| CVE-2017-6674 | 1 Cisco | 1 Firesight System | 2017-06-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2. | |||||
| CVE-2017-7676 | 1 Apache | 1 Ranger | 2017-06-19 | 7.5 HIGH | 9.8 CRITICAL |
| Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior. | |||||
| CVE-2015-1379 | 1 Dest-unreach | 1 Socat | 2017-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). | |||||
| CVE-2017-7564 | 1 Arm | 1 Arm Trusted Firmware | 2017-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers. | |||||
| CVE-2016-7821 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2017-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors. | |||||
| CVE-2017-2179 | 1 Ipa | 1 Appgoat | 2017-06-14 | 6.8 MEDIUM | 8.8 HIGH |
| Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182. | |||||
| CVE-2015-8538 | 1 Libdwarf Project | 1 Libdwarf | 2017-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). | |||||
| CVE-2016-9157 | 1 Siemens | 1 Sicam Pas | 2017-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP. | |||||
| CVE-2016-9156 | 1 Siemens | 1 Sicam Pas | 2017-06-13 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP. | |||||
| CVE-2016-9977 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2017-06-12 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253. | |||||
| CVE-2015-3830 | 1 Google | 1 Android | 2017-06-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names. | |||||
| CVE-2017-7669 | 1 Apache | 1 Hadoop | 2017-06-09 | 8.5 HIGH | 7.5 HIGH |
| In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. | |||||
| CVE-2017-9303 | 1 Laravel | 1 Laravel | 2017-06-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host. | |||||
| CVE-2017-0373 | 1 Config-model Project | 1 Config-model | 2017-06-08 | 6.8 MEDIUM | 7.3 HIGH |
| The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file. | |||||
| CVE-2015-5401 | 1 Teradata | 2 Teradata Express, Teradata Gateway | 2017-06-06 | 5.0 MEDIUM | 7.5 HIGH |
| Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message. | |||||
| CVE-2017-0350 | 1 Nvidia | 1 Gpu Driver | 2017-06-05 | 7.2 HIGH | 7.8 HIGH |
| All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges. | |||||
| CVE-2017-9046 | 1 Pmail | 1 Pegasus | 2017-06-02 | 4.4 MEDIUM | 7.3 HIGH |
| winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack. | |||||
| CVE-2017-9188 | 1 Autotrace Project | 1 Autotrace | 2017-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63. | |||||
| CVE-2017-9131 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2017-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the client's Mosquitto broker, aka "unauthenticated remote command execution." This command can be re-sent endlessly to act as a DoS attack on the client. | |||||
| CVE-2017-5215 | 1 Codextrous | 1 B2j Contact | 2017-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution. | |||||
| CVE-2017-0171 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2017-05-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability". | |||||
| CVE-2017-0346 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-05-25 | 7.2 HIGH | 7.8 HIGH |
| All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. | |||||
| CVE-2017-0355 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-05-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service. | |||||
| CVE-2017-9043 | 1 Gnu | 1 Binutils | 2017-05-25 | 6.8 MEDIUM | 7.8 HIGH |
| readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. | |||||
| CVE-2016-7998 | 1 Spip | 1 Spip | 2017-05-24 | 6.5 MEDIUM | 8.8 HIGH |
| The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. | |||||
| CVE-2017-7213 | 1 Zohocorp | 1 Manageengine Desktop Central | 2017-05-23 | 10.0 HIGH | 10.0 CRITICAL |
| Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. | |||||
| CVE-2017-8933 | 1 Libmenu-cache Project | 1 Libmenu-cache | 2017-05-23 | 2.1 LOW | 3.3 LOW |
| Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability). | |||||
| CVE-2017-8934 | 1 Pcmanfm Project | 1 Pcmanfm | 2017-05-23 | 2.1 LOW | 5.5 MEDIUM |
| PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). | |||||
| CVE-2014-2111 | 1 Cisco | 1 Ios | 2017-05-23 | 7.1 HIGH | N/A |
| The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996. | |||||