Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9394 | 1 Jasper Project | 1 Jasper | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | |||||
CVE-2017-2989 | 1 Adobe | 1 Campaign | 2024-02-28 | 7.5 HIGH | 9.1 CRITICAL |
Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database. | |||||
CVE-2014-9806 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. | |||||
CVE-2017-2461 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message. | |||||
CVE-2016-4332 | 1 Hdfgroup | 1 Hdf5 | 2024-02-28 | 6.9 MEDIUM | 8.6 HIGH |
The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. | |||||
CVE-2017-2576 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. | |||||
CVE-2017-2947 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF). | |||||
CVE-2017-0171 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability". | |||||
CVE-2017-0249 | 1 Microsoft | 18 Asp.net Model View Controller, Microsoft.aspnetcore.mvc.abstractions, Microsoft.aspnetcore.mvc.apiexplorer and 15 more | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | |||||
CVE-2016-9201 | 1 Cisco | 1 Ios | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based on the configuration. More Information: CSCuz21015. Known Affected Releases: 15.3(3)M3. Known Fixed Releases: 15.6(2)T0.1 15.6(2.0.1a)T0 15.6(2.19)T 15.6(3)M. | |||||
CVE-2017-3258 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). | |||||
CVE-2016-6131 | 1 Gnu | 1 Libiberty | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. | |||||
CVE-2016-6711 | 1 Google | 1 Android | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30593765. | |||||
CVE-2017-0483 | 1 Google | 1 Android | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33137046. | |||||
CVE-2015-8870 | 1 Libtiff | 1 Libtiff | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. | |||||
CVE-2016-9211 | 1 Cisco | 2 Ons 15454 Sdh Multiservice Platform, Ons 15454 Sdh Multiservice Platform Software | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. More Information: CSCuw26032. Known Affected Releases: 10.51. | |||||
CVE-2017-7692 | 1 Squirrelmail | 1 Squirrelmail | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting. | |||||
CVE-2016-7636 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs. | |||||
CVE-2017-7261 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. | |||||
CVE-2017-6468 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. |