Total
9734 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10520 | 1 Jadedown Project | 1 Jadedown | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in. | |||||
| CVE-2015-9241 | 1 Hapijs | 1 Hapi | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes). | |||||
| CVE-2017-16772 | 1 Synology | 1 Photo Station | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter. | |||||
| CVE-2018-1000617 | 1 Atlassian | 1 Floodlight Controller | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and earlier versions contains a Denial of Service vulnerability in Forwarding module that can result in Improper type cast in Forwarding module allows remote attackers to cause a DoS(thread crash).. This attack appear to be exploitable via network connectivity (Remote attack). | |||||
| CVE-2017-16023 | 1 Decamelize Project | 1 Decamelize | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack. | |||||
| CVE-2017-9279 | 1 Netiq | 1 Identity Manager | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| NetIQ Identity Manager before 4.5.6.1 allowed uploading files with double extensions or non-image content in the Themes handling of the User Application Administration, allowing malicious user administrators to potentially execute code or mislead users. | |||||
| CVE-2018-4247 | 1 Apple | 2 Iphone Os, Safari | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site. | |||||
| CVE-2017-15715 | 5 Apache, Canonical, Debian and 2 more | 8 Http Server, Ubuntu Linux, Debian Linux and 5 more | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename. | |||||
| CVE-2018-6523 | 1 Inca | 1 Nprotect Avs | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c. | |||||
| CVE-2017-18052 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from firmware, leads to potential out of bounds memory read. | |||||
| CVE-2018-3723 | 1 Defaults-deep Project | 1 Defaults-deep | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
| CVE-2018-6203 | 1 Escanav | 1 Anti-virus | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300210C. | |||||
| CVE-2018-9048 | 1 Windows Optimization Master Project | 1 Windows Optimization Master | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282c. | |||||
| CVE-2015-9139 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, and SD 820, improper input validation can occur while negotiating an SSL handshake. | |||||
| CVE-2018-11411 | 1 Dimoncoin | 1 Dimoncoin | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect. | |||||
| CVE-2018-12459 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | |||||
| CVE-2017-13302 | 1 Google | 1 Android | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749. | |||||
| CVE-2017-5415 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52. | |||||
| CVE-2018-7511 | 1 Eaton | 1 Elcsoft | 2024-02-28 | 6.8 MEDIUM | 5.3 MEDIUM |
| In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. | |||||
| CVE-2018-0264 | 1 Cisco | 4 Webex Business Suite 31, Webex Business Suite 32, Webex Meeting Server and 1 more | 2024-02-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or open the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. The following client builds of Cisco WebEx Business Suite (WBS31 and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are affected: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.4, Cisco WebEx Business Suite (WBS32) client builds prior to T32.12, Cisco WebEx Meetings with client builds prior to T32.12, Cisco WebEx Meeting Server builds prior to 3.0 Patch 1. Cisco Bug IDs: CSCvh85410, CSCvh85430, CSCvh85440, CSCvh85442, CSCvh85453, CSCvh85457. | |||||