Total
9737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-6629 | 1 Micropoint | 1 Proactive Defense | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000118. | |||||
CVE-2018-5503 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action. | |||||
CVE-2018-5517 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs. | |||||
CVE-2015-9115 | 1 Qualcomm | 30 Mdm9625, Mdm9625 Firmware, Sd 410 and 27 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation is performed on calls to the qsee_prng_getdata syscall. | |||||
CVE-2012-5360 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file. | |||||
CVE-2017-7829 | 4 Canonical, Debian, Mozilla and 1 more | 8 Ubuntu Linux, Debian Linux, Thunderbird and 5 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2. | |||||
CVE-2018-8954 | 1 Ca | 1 Workload Control Center | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
CA Workload Control Center before r11.4 SP6 allows remote attackers to execute arbitrary code via a crafted HTTP request. | |||||
CVE-2017-13301 | 1 Google | 1 Android | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711. | |||||
CVE-2017-12181 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | |||||
CVE-2016-5298 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50. | |||||
CVE-2017-12490 | 1 Hp | 1 Intelligent Management Center | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version. | |||||
CVE-2018-5955 | 1 Smartmobilesoftware | 1 Gitstack | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI. | |||||
CVE-2017-16013 | 1 Hapijs | 1 Hapi | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached. | |||||
CVE-2017-12701 | 1 Cpap | 2 Luna Cpap Machine, Luna Cpap Machine Firmware | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain an improper input validation vulnerability which may allow an authenticated attacker to crash the CPAP's Wi-Fi module resulting in a denial-of-service condition. | |||||
CVE-2018-5513 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, a malformed TLS handshake causes TMM to crash leading to a disruption of service. This issue is only exposed on the data plane when Proxy SSL configuration is enabled. The control plane is not impacted by this issue. | |||||
CVE-2017-12473 | 1 Ccn-lite | 1 Ccn-lite | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with "wrong L values." | |||||
CVE-2018-9002 | 1 Iobit | 1 Advanced Systemcare Ultimate | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060cc. | |||||
CVE-2018-5111 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects Firefox < 58. | |||||
CVE-2017-14892 | 1 Google | 1 Android | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_open_shared_io() is not checked properly potentially leading to a possible dangling pointer access. | |||||
CVE-2018-5753 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address. |