Total
9734 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0072 | 1 Apache | 2 Cordova, Cordova File Transfer | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option. | |||||
| CVE-2017-12287 | 1 Cisco | 3 Expressway, Telepresence Conductor, Telepresence Video Communication Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete input validation of URL requests by the REST API of the affected software. An attacker could exploit this vulnerability by sending a crafted URL to the REST API of the affected software on an affected system. A successful exploit could allow the attacker to cause the CDB process on the affected system to restart unexpectedly, resulting in a temporary DoS condition. Cisco Bug IDs: CSCve77571. | |||||
| CVE-2017-13685 | 1 Sqlite | 1 Sqlite | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. | |||||
| CVE-2017-5090 | 2 Apple, Google | 2 Macos, Chrome | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.115 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name containing a U+0620 character, aka Apple rdar problem 32458012. | |||||
| CVE-2015-0853 | 1 Pysvn Project | 1 Svn-workbench | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). | |||||
| CVE-2017-17065 | 1 Dlink | 2 Dir-605l Model B, Dir-605l Model B Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request. | |||||
| CVE-2017-10868 | 1 Dena | 1 H2o | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header. | |||||
| CVE-2017-8599 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". | |||||
| CVE-2017-7085 | 1 Apple | 2 Iphone Os, Safari | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar. | |||||
| CVE-2017-13767 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. | |||||
| CVE-2015-9048 | 1 Google | 1 Android | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. | |||||
| CVE-2018-5713 | 1 Malwarefox | 1 Anti-malware | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
| In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010. | |||||
| CVE-2017-12297 | 1 Cisco | 1 Webex Meeting Center | 2024-02-28 | 4.0 MEDIUM | 5.0 MEDIUM |
| A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843. | |||||
| CVE-2017-0712 | 1 Google | 1 Android | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| A elevation of privilege vulnerability in the Android framework (wi-fi service). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207928. | |||||
| CVE-2017-14696 | 1 Saltstack | 1 Salt | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. | |||||
| CVE-2017-8025 | 1 Emc | 1 Archer Grc Platform | 2024-02-28 | 6.8 MEDIUM | 7.4 HIGH |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server. | |||||
| CVE-2014-3498 | 1 Redhat | 1 Ansible | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. | |||||
| CVE-2014-5362 | 1 Landesk | 1 Landesk Management Suite | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx. | |||||
| CVE-2017-5121 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. | |||||
| CVE-2017-9938 | 1 Siemens | 1 Simatic Logon | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically. | |||||