Total
9733 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10391 | 1 Google | 1 Android | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. | |||||
CVE-2017-0874 | 1 Google | 1 Android | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932. | |||||
CVE-2017-2298 | 1 Puppet | 1 Mcollective-sshkey-security | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "_pub.pem". | |||||
CVE-2017-0672 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-34778578. | |||||
CVE-2017-14965 | 1 Ikarussecurity | 1 Anti.virus | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000cc. | |||||
CVE-2017-15879 | 1 Keystonejs | 1 Keystone | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. | |||||
CVE-2017-6770 | 1 Cisco | 7 Adaptive Security Appliance Software, Ios, Ios Xe and 4 more | 2024-02-28 | 4.0 MEDIUM | 4.2 MEDIUM |
Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic. The attacker could exploit this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause the targeted router to flush its routing table and propagate the crafted OSPF LSA type 1 update throughout the OSPF AS domain. To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast OSPF LSA type 1 packets. No other LSA type packets can trigger this vulnerability. OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability. Cisco Bug IDs: CSCva74756, CSCve47393, CSCve47401. | |||||
CVE-2015-9033 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer. | |||||
CVE-2017-12426 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. | |||||
CVE-2015-3215 | 1 Redhat | 1 Virtio-win | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options. | |||||
CVE-2017-2722 | 1 Huawei | 16 Dp300, Dp300 Firmware, Ecns210 Td and 13 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and V200R003C30,eSpace IAD with software V300R001C07SPCa00 and V300R002C01SPCb00,eSpace U1981 with software V100R001C20, V100R001C30, V200R003C00, V200R003C20 and V200R003C30 have an input validation vulnerability.A remote attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. A successful exploit could allow the attacker to cause a denial of service or execute arbitrary code. | |||||
CVE-2017-1000001 | 1 Fedoraproject | 1 Fedmsg | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on. | |||||
CVE-2017-5093 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. | |||||
CVE-2017-8704 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-28 | 4.9 MEDIUM | 5.3 MEDIUM |
The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability". | |||||
CVE-2017-12676 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. | |||||
CVE-2017-8143 | 1 Huawei | 4 Honor 5c, Honor 5c Firmware, P9 Lite and 1 more | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software versions earlier than NEM-L21C432B351 and versions earlier than VNS-L21C10B381 has a DoS vulnerability. An attacker may trick a user into installing a malicious application and the application can access invalid address of driver to crash the system. | |||||
CVE-2017-0878 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291. | |||||
CVE-2017-14944 | 1 Inedo | 1 Proget | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | |||||
CVE-2017-1000469 | 1 Cobbler Project | 1 Cobbler | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. | |||||
CVE-2017-1000230 | 1 Snap7 Project | 1 Snap7 Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack. |