Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11673 | 1 Acunetix | 1 Web Vulnerability Scanner | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at reporter!madTraceProcess." | |||||
CVE-2017-12801 | 1 Matroska | 3 Libebml2, Mkclean, Mkvalidator | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |||||
CVE-2017-5721 | 1 Intel | 10 Nuc7i3bnh, Nuc7i3bnh Firmware, Nuc7i3bnk and 7 more | 2024-02-28 | 4.4 MEDIUM | 7.5 HIGH |
Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory. | |||||
CVE-2017-13145 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. | |||||
CVE-2017-6136 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM). | |||||
CVE-2017-1002153 | 1 Koji Project | 1 Koji | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. | |||||
CVE-2017-2731 | 1 Huawei | 2 P9 Plus, P9 Plus Firmware | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone vibrator service interface to crash the system. | |||||
CVE-2017-14771 | 1 Skyboxsecurity | 1 Skybox Manager Client Application | 2024-02-28 | 3.6 LOW | 5.5 MEDIUM |
Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application. | |||||
CVE-2017-17831 | 1 Git Large File Storage Project | 1 Git Large File Storage | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository. | |||||
CVE-2017-5106 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |||||
CVE-2017-9741 | 1 Projectsend | 1 Projectsend | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file. | |||||
CVE-2017-14023 | 1 Siemens | 2 Simatic Pcs7, Simatic Wincc | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. | |||||
CVE-2015-1555 | 1 Zend | 1 Zend Framework | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators. | |||||
CVE-2017-14520 | 1 Freedesktop | 1 Poppler | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. | |||||
CVE-2017-17565 | 1 Xen | 1 Xen | 2024-02-28 | 4.7 MEDIUM | 5.6 MEDIUM |
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P. | |||||
CVE-2017-14589 | 1 Atlassian | 1 Bamboo | 2024-02-28 | 6.8 MEDIUM | 9.6 CRITICAL |
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. | |||||
CVE-2017-9800 | 1 Apache | 1 Subversion | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. | |||||
CVE-2017-14964 | 1 Ikarussecurity | 1 Anti.virus | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c. | |||||
CVE-2017-15270 | 1 Psftp | 1 Psftpd | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log. | |||||
CVE-2012-6696 | 1 Inspircd | 1 Inspircd | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836. |