Total: 9733 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5081 | 1 K7computing | 1 Antivirus | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0. | |||||
CVE-2017-7074 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app. | |||||
CVE-2017-14968 | 1 Ikarussecurity | 1 Anti.virus | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113. | |||||
CVE-2017-6255 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service or potential escalation of privileges. | |||||
CVE-2017-12328 | 1 Cisco | 1 Ip Phone 8800 Series Firmware | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM |
A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590. | |||||
CVE-2017-15928 | 1 Ox Project | 1 Ox | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication. | |||||
CVE-2017-1428 | 1 Ibm | 1 Cognos Analytics | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583. | |||||
CVE-2017-7121 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
CVE-2017-13735 | 1 Libraw | 1 Libraw | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. | |||||
CVE-2017-12843 | 2 Cyrusimap, Fedoraproject | 2 Cyrus Imap, Fedora | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. | |||||
CVE-2016-4462 | 1 Apache | 1 Ofbiz | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01 | |||||
CVE-2017-12273 | 1 Cisco | 11 Aironet 1562 Firmware, Aironet 1562d, Aironet 1562e and 8 more | 2024-02-28 | 6.1 MEDIUM | 6.5 MEDIUM |
A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient frame validation of the 802.11 association request. An attacker could exploit this vulnerability by sending a malformed 802.11 association request to the targeted device. An exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve12189. | |||||
CVE-2017-12312 | 1 Cisco | 1 Advanced Malware Protection For Endpoints | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability. Cisco Bug IDs: CSCvf23928. | |||||
CVE-2017-13186 | 1 Google | 1 Android | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716. | |||||
CVE-2017-3752 | 2 Ibm, Lenovo | 30 1\, 1g L2-7 Slb, Bladecenter and 27 more | 2024-02-28 | 4.3 MEDIUM | 8.2 HIGH |
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain. | |||||
CVE-2017-1460 | 1 Ibm | 1 I | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379. | |||||
CVE-2017-8611 | 1 Microsoft | 2 Edge, Windows 10 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." | |||||
CVE-2015-7705 | 4 Citrix, Netapp, Ntp and 1 more | 10 Xenserver, Clustered Data Ontap, Data Ontap and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | |||||
CVE-2016-0215 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database. | |||||
CVE-2015-5175 | 1 Apache | 1 Cxf Fediz | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. |