Total: 9733 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7083 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "CFNetwork Proxies" component. It allows remote attackers to cause a denial of service. | |||||
CVE-2016-10387 | 1 Google | 1 Android | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. | |||||
CVE-2017-17850 | 1 Digium | 2 Asterisk, Certified Asterisk | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point. | |||||
CVE-2017-6792 | 1 Cisco | 1 Prime Collaboration Provisioning | 2024-02-28 | 8.5 HIGH | 6.5 MEDIUM |
A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766. | |||||
CVE-2017-14914 | 1 Google | 1 Android | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale. | |||||
CVE-2014-9733 | 1 Nwjs | 1 Nw.js | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote attackers to have unspecified impact via unknown vectors. | |||||
CVE-2017-9333 | 1 Openwebif Project | 1 Openwebif | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access. | |||||
CVE-2017-2713 | 1 Huawei | 2 P9, P9 Firmware | 2024-02-28 | 4.8 MEDIUM | 5.4 MEDIUM |
HUAWEI P9 smartphones with software versions before EVA-L09C432B383, before EVA-L09C636B380, before VIE-L09C432B370, and before VIE-L29C636B370 have an insufficient input validation vulnerability. An attacker could exploit this vulnerability to tamper with air interface signaling messages and obtain some communication information. | |||||
CVE-2017-9793 | 1 Apache | 1 Struts | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 uses an outdated XStream library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted XML payload. | |||||
CVE-2017-14961 | 1 Ikarussecurity | 1 Anti.virus | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c. | |||||
CVE-2017-1000014 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DoS weakness in the table editing functionality. | |||||
CVE-2017-9354 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. | |||||
CVE-2017-6746 | 1 Cisco | 1 Web Security Appliance | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235. | |||||
CVE-2016-7976 | 1 Artifex | 1 Ghostscript | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. | |||||
CVE-2017-6141 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default. | |||||
CVE-2017-17801 | 1 Tgsoft | 1 Vir.it Explorer | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E060. | |||||
CVE-2017-3898 | 1 Mcafee | 1 Livesafe | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. | |||||
CVE-2013-4366 | 1 Apache | 1 Httpclient | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification. | |||||
CVE-2015-2245 | 1 Huawei | 2 P7-l09, P7-l09 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). | |||||
CVE-2014-1858 | 1 Numpy | 1 Numpy | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. |