Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4547 | 1 Samsung | 1 Samsung Mobile | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. | |||||
CVE-2016-6244 | 1 Openbsd | 1 Openbsd | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value. | |||||
CVE-2014-9815 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. | |||||
CVE-2014-9808 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. | |||||
CVE-2017-0162 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2024-02-28 | 7.4 HIGH | 7.6 HIGH |
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0163, CVE-2017-0180, and CVE-2017-0181. | |||||
CVE-2016-7543 | 2 Fedoraproject, Gnu | 2 Fedora, Bash | 2024-02-28 | 7.2 HIGH | 8.4 HIGH |
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | |||||
CVE-2017-2453 | 1 Apple | 2 Iphone Os, Safari | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof FaceTime prompts in the user interface via a crafted web site. | |||||
CVE-2016-6560 | 1 Illumos | 1 Illumos | 2024-02-28 | 7.8 HIGH | 8.6 HIGH |
illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. | |||||
CVE-2017-7645 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. | |||||
CVE-2016-8944 | 1 Ibm | 1 Aix | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234. | |||||
CVE-2016-9390 | 1 Jasper Project | 1 Jasper | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. | |||||
CVE-2017-0095 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-28 | 7.9 HIGH | 7.6 HIGH |
Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0021. | |||||
CVE-2014-9755 | 1 Viprinet | 2 Multichannel Vpn Router 300, Multichannel Vpn Router 300 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. | |||||
CVE-2017-6473 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets. | |||||
CVE-2016-10176 | 1 Netgear | 2 Wnr2000v5, Wnr2000v5 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution. | |||||
CVE-2016-10228 | 1 Gnu | 1 Glibc | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. | |||||
CVE-2015-4646 | 1 Squashfs Project | 1 Squashfs | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input. | |||||
CVE-2016-6500 | 1 Forgerock | 1 Racf Connector | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning. | |||||
CVE-2016-9686 | 1 Puppet | 1 Puppet Enterprise | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2. | |||||
CVE-2017-9141 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. |