Total
9734 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1858 | 1 Numpy | 1 Numpy | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2015-0234 | 1 Pki-core Project | 1 Pki-core | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple temporary file creation vulnerabilities in pki-core 10.2.0. | |||||
| CVE-2017-11665 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. | |||||
| CVE-2017-9242 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | |||||
| CVE-2016-4461 | 2 Apache, Netapp | 2 Struts, Oncommand Balance | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785. | |||||
| CVE-2017-17802 | 1 Tgsoft | 1 Vir.it Explorer | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E080. | |||||
| CVE-2015-3639 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. | |||||
| CVE-2017-6129 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. | |||||
| CVE-2017-5092 | 3 Debian, Google, Microsoft | 3 Debian Linux, Chrome, Windows | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2014-4994 | 1 Gyazo Project | 1 Gyazo | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames. | |||||
| CVE-2017-2711 | 1 Huawei | 2 P9 Plus, P9 Plus Firmware | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
| P9 Plus smartphones with software earlier than VIE-AL10C00B352 versions have an input validation vulnerability in the touchscreen Driver. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system. | |||||
| CVE-2017-17796 | 1 Tgsoft | 1 Vir.it Explorer Lite | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4. | |||||
| CVE-2017-1696 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178. | |||||
| CVE-2017-0872 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323. | |||||
| CVE-2017-12223 | 1 Cisco | 2 Ir800 Integrated Services Router, Ir800 Integrated Services Router Firmware | 2024-02-28 | 6.9 MEDIUM | 6.4 MEDIUM |
| A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027. | |||||
| CVE-2017-11495 | 1 Phicomm | 2 K2\(psg1218\), K2\(psg1218\)-firmware | 2024-02-28 | 9.0 HIGH | 9.8 CRITICAL |
| PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action. | |||||
| CVE-2017-1000201 | 1 Tcmu-runner Project | 1 Tcmu-runner | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack | |||||
| CVE-2017-9022 | 3 Canonical, Debian, Strongswan | 3 Ubuntu Linux, Debian Linux, Strongswan | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. | |||||
| CVE-2017-14489 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. | |||||
| CVE-2016-9263 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 2.6 LOW | 4.7 MEDIUM |
| WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. | |||||