Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7122 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
CVE-2017-17810 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments. | |||||
CVE-2017-1001003 | 1 Mathjs Project | 1 Mathjs | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object. | |||||
CVE-2015-5248 | 1 Redhat | 1 Feedhenry Enterprise Mobile Application Platform | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform. | |||||
CVE-2017-17086 | 1 Inedo | 1 Otter | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor. | |||||
CVE-2015-7691 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
CVE-2017-0873 | 1 Google | 1 Android | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255. | |||||
CVE-2017-11932 | 1 Microsoft | 1 Exchange Server | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability". | |||||
CVE-2017-9497 | 2 Cisco, Motorola | 2 Mx011anm Firmware, Mx011anm | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics menu on the set-top box, and then posting to a Web Inspector route. | |||||
CVE-2016-9939 | 2 Cryptopp, Debian | 2 Crypto\+\+, Debian Linux | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation. | |||||
CVE-2017-7213 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-28 | 10.0 HIGH | 10.0 CRITICAL |
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors. | |||||
CVE-2017-2511 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | |||||
CVE-2017-0312 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potential escalation of privileges | |||||
CVE-2017-0620 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711. | |||||
CVE-2017-3896 | 1 Mcafee | 1 Mcafee Agent | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated. | |||||
CVE-2017-5659 | 1 Apache | 1 Traffic Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | |||||
CVE-2017-0169 | 1 Microsoft | 2 Windows 8.1, Windows Server 2012 | 2024-02-28 | 5.2 MEDIUM | 5.4 MEDIUM |
An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0168. | |||||
CVE-2016-6461 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10). Known Fixed Releases: 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1(0.55) 97.1(12.7) 97.1(6.30). | |||||
CVE-2010-1821 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. | |||||
CVE-2017-7428 | 1 Netiq | 1 Imanager | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. |