Total
9737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-8876 | 1 2345 Security Guard Project | 1 2345 Security Guard | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222098. | |||||
CVE-2016-10235 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409. | |||||
CVE-2017-8977 | 1 Hp | 1 Moonshot Provisioning Manager Appliance | 2024-02-28 | 8.5 HIGH | 9.1 CRITICAL |
A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found. | |||||
CVE-2017-12070 | 1 Opcfoundation | 1 Ua-.net-legacy | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. | |||||
CVE-2018-1013 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1015, CVE-2018-1016. | |||||
CVE-2018-2416 | 1 Sap | 1 Identity Management | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source. | |||||
CVE-2017-1516 | 1 Ibm | 1 Rational Doors | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826. | |||||
CVE-2018-7560 | 1 Aws-lambda-multipart-parser Project | 1 Aws-lambda-multipart-parser | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string. | |||||
CVE-2018-1070 | 1 Redhat | 1 Openshift Container Platform | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard. | |||||
CVE-2016-10544 | 1 Uws Project | 1 Uws | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8. | |||||
CVE-2017-7003 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
CVE-2018-5956 | 1 Zillya | 1 Zillya\! Antivirus | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414. | |||||
CVE-2018-11354 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling. | |||||
CVE-2018-1012 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016. | |||||
CVE-2018-7549 | 3 Canonical, Redhat, Zsh | 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. | |||||
CVE-2018-0868 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how input is sanitized, aka "Windows Installer Elevation of Privilege Vulnerability". | |||||
CVE-2018-9007 | 1 Iobit | 1 Advanced Systemcare Ultimate | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x86.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c4060c4. | |||||
CVE-2018-1169 | 1 Amazon | 1 Amazon Music | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5521. | |||||
CVE-2017-15043 | 1 Sierrawireless | 20 Es440, Es440 Firmware, Es450 and 17 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system. | |||||
CVE-2017-15831 | 1 Google | 1 Android | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_ndp_end_indication_event_handler(), there is no input validation check on a event_info value coming from firmware, which can cause an integer overflow and then leads to potential heap overwrite. |