Total
9734 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10397 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c). | |||||
CVE-2017-5699 | 1 Intel | 2 Minnowboard 3, Minnowboard 3 Firmware | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Input validation error in Intel MinnowBoard 3 Firmware versions prior to 0.65 allow local attacker to cause denial of service via UEFI APIs. | |||||
CVE-2015-5209 | 1 Apache | 1 Struts | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object. | |||||
CVE-2017-13147 | 1 Graphicsmagick | 1 Graphicsmagick | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. | |||||
CVE-2017-11407 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. | |||||
CVE-2017-0689 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950. | |||||
CVE-2017-8682 | 1 Microsoft | 10 Office 2007, Office 2010, Office Word Viewer and 7 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683. | |||||
CVE-2017-7119 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
CVE-2017-11553 | 1 Exiv2 | 1 Exiv2 | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. | |||||
CVE-2017-8664 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2024-02-28 | 7.2 HIGH | 8.8 HIGH |
Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability". | |||||
CVE-2017-16556 | 1 K7computing | 5 Antivirus, Endpoint, Internet Security and 2 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations. | |||||
CVE-2017-8699 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to the way that Windows Shell validates file copy destinations, aka "Windows Shell Remote Code Execution Vulnerability". | |||||
CVE-2017-0694 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37093318. | |||||
CVE-2017-16547 | 1 Graphicsmagick | 1 Graphicsmagick | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. | |||||
CVE-2017-12775 | 1 Question2answer | 1 Question2answer | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts. | |||||
CVE-2017-10700 | 1 Qnap | 1 Qts | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application. | |||||
CVE-2017-6656 | 1 Cisco | 1 Ip Phone 8800 Series | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting. All active phone calls are dropped as the SIP process restarts. More Information: CSCvc29353. Known Affected Releases: 11.0(0.1). Known Fixed Releases: 11.0(0)MP2.153 11.0(0)MP2.62. | |||||
CVE-2017-6138 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. | |||||
CVE-2017-8019 | 1 Emc | 1 Scaleio | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation. | |||||
CVE-2017-13056 | 1 Tracker-software | 1 Pdf-xchange Viewer | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file. |