Search
Total
9231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2113 | 1 Cisco | 2 Ios, Ios Xe | 2017-05-23 | 7.8 HIGH | N/A |
| Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540. | |||||
| CVE-2014-2109 | 1 Cisco | 1 Ios | 2017-05-23 | 7.8 HIGH | N/A |
| The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494. | |||||
| CVE-2016-4868 | 1 Cybozu | 1 Office | 2017-05-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. | |||||
| CVE-2014-2112 | 1 Cisco | 1 Ios | 2017-05-23 | 7.8 HIGH | N/A |
| The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357. | |||||
| CVE-2017-0354 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-05-17 | 4.7 MEDIUM | 4.7 MEDIUM |
| All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under raised IRQL which may lead to a denial of service. | |||||
| CVE-2017-0353 | 1 Nvidia | 1 Gpu Driver | 2017-05-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service | |||||
| CVE-2017-7428 | 1 Netiq | 1 Imanager | 2017-05-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. | |||||
| CVE-2017-7440 | 1 Kerio | 2 Connect, Connect Client Desktop Application For Windows And Mac | 2017-05-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. | |||||
| CVE-2016-9692 | 1 Ibm | 1 Websphere Cast Iron Solution | 2017-05-12 | 7.8 HIGH | 8.6 HIGH |
| IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516. | |||||
| CVE-2017-6551 | 1 Pexip | 1 Pexip Infinity | 2017-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes. | |||||
| CVE-2017-2154 | 1 Justsystems | 9 Hanako, Hanako Police, Hanako Pro and 6 more | 2017-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2015-0642 | 1 Cisco | 2 Ios, Ios Xe | 2017-05-12 | 7.8 HIGH | N/A |
| Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951. | |||||
| CVE-2017-2153 | 1 Seil | 10 B1, B1 Firmware, Bpv 4 and 7 more | 2017-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UDP packets. | |||||
| CVE-2017-8288 | 1 Gnome | 1 Gnome-shell | 2017-05-10 | 6.8 MEDIUM | 8.1 HIGH |
| gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js. | |||||
| CVE-2017-8219 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2017-05-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. | |||||
| CVE-2014-9907 | 1 Imagemagick | 1 Imagemagick | 2017-05-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. | |||||
| CVE-2017-2100 | 1 Ipa | 1 Appgoat | 2017-05-05 | 6.8 MEDIUM | 6.3 MEDIUM |
| Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. | |||||
| CVE-2016-9693 | 1 Ibm | 2 Business Process Manager, Websphere | 2017-05-02 | 6.8 MEDIUM | 6.1 MEDIUM |
| IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655. | |||||
| CVE-2014-2522 | 2 Haxx, Microsoft | 3 Curl, Libcurl, Windows | 2017-04-29 | 4.0 MEDIUM | N/A |
| curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | |||||
| CVE-2016-4841 | 1 Cybozu | 1 Mailwise | 2017-04-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. | |||||
| CVE-2016-4862 | 1 Cs-cart | 1 Cs-cart | 2017-04-26 | 6.5 MEDIUM | 8.8 HIGH |
| Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | |||||
| CVE-2017-7979 | 1 Linux | 1 Linux Kernel | 2017-04-26 | 7.2 HIGH | 7.8 HIGH |
| The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org. | |||||
| CVE-2017-7892 | 1 Capnproto | 1 Capnproto | 2017-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message. | |||||
| CVE-2017-1161 | 1 Ibm | 1 Api Connect | 2017-04-25 | 7.5 HIGH | 7.3 HIGH |
| IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956. | |||||
| CVE-2016-2567 | 1 Samsung | 4 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S6 and 1 more | 2017-04-25 | 2.1 LOW | 3.3 LOW |
| secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL. | |||||
| CVE-2015-7740 | 1 Huawei | 4 P7, P7 Firmware, P8 Ale-ul00 and 1 more | 2017-04-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. | |||||
| CVE-2016-9278 | 1 Samsung | 1 Exynos Fimg2d Driver | 2017-04-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE-2016-6736. | |||||
| CVE-2017-7283 | 1 Unitrends | 1 Enterprise Backup | 2017-04-24 | 9.0 HIGH | 8.8 HIGH |
| An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php. | |||||
| CVE-2010-1821 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-04-21 | 7.2 HIGH | 7.8 HIGH |
| Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. | |||||
| CVE-2017-2989 | 1 Adobe | 1 Campaign | 2017-04-20 | 7.5 HIGH | 9.1 CRITICAL |
| Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database. | |||||
| CVE-2017-7280 | 1 Unitrends | 1 Enterprise Backup | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable. | |||||
| CVE-2016-4898 | 1 Novastor | 1 Novabackup Datacenter | 2017-04-19 | 10.0 HIGH | 9.8 CRITICAL |
| The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. | |||||
| CVE-2016-4899 | 1 Novastor | 1 Novabackup Datacenter | 2017-04-19 | 10.0 HIGH | 9.8 CRITICAL |
| The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. | |||||
| CVE-2017-0179 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2017-04-18 | 6.3 MEDIUM | 5.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | |||||
| CVE-2017-0182 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2008 and 2 more | 2017-04-18 | 6.3 MEDIUM | 5.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | |||||
| CVE-2017-0183 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2008 and 2 more | 2017-04-18 | 6.3 MEDIUM | 5.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | |||||
| CVE-2017-0186 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2017-04-18 | 6.3 MEDIUM | 5.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185. | |||||
| CVE-2017-0178 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2017-04-18 | 5.2 MEDIUM | 5.4 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | |||||
| CVE-2017-0184 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2008 and 2 more | 2017-04-18 | 5.2 MEDIUM | 5.4 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, and CVE-2017-0186. | |||||
| CVE-2015-7893 | 1 Samsung | 1 Galaxy S6 | 2017-04-17 | 6.8 MEDIUM | 8.8 HIGH |
| SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. | |||||
| CVE-2016-7957 | 1 Wireshark | 1 Wireshark | 2017-04-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings. | |||||
| CVE-2016-7958 | 1 Wireshark | 1 Wireshark | 2017-04-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. | |||||
| CVE-2016-6878 | 1 Botan Project | 1 Botan | 2017-04-15 | 7.5 HIGH | 9.8 CRITICAL |
| The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang. | |||||
| CVE-2016-1517 | 1 Opencv | 1 Opencv | 2017-04-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks. | |||||
| CVE-2017-3889 | 1 Cisco | 1 Registered Envelope Service | 2017-04-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015. | |||||
| CVE-2017-7604 | 1 Libaacplus Project | 1 Libaacplus | 2017-04-13 | 6.8 MEDIUM | 7.8 HIGH |
| au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. | |||||
| CVE-2015-1612 | 1 Opendaylight | 1 Openflow | 2017-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay." | |||||
| CVE-2015-1611 | 1 Opendaylight | 1 Openflow | 2017-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection." | |||||
| CVE-2017-6181 | 1 Ruby-lang | 1 Ruby | 2017-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression. | |||||
| CVE-2017-0888 | 1 Nextcloud | 1 Nextcloud | 2017-04-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information. | |||||