Total: 9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10024 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 4.9 MEDIUM | 6.0 MEDIUM |
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. | |||||
CVE-2017-9142 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | |||||
CVE-2017-0499 | 1 Google | 1 Android | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713. | |||||
CVE-2016-7431 | 1 Ntp | 1 Ntp | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. | |||||
CVE-2016-8344 | 1 Honeywell | 1 Experion Process Knowledge System | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. | |||||
CVE-2015-6567 | 1 Wolfcms | 1 Wolf Cms | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality. | |||||
CVE-2014-9813 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. | |||||
CVE-2017-0488 | 1 Google | 1 Android | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097213. | |||||
CVE-2016-8820 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-28 | 5.6 MEDIUM | 6.1 MEDIUM |
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure. | |||||
CVE-2016-9564 | 1 Boa | 1 Boa | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. | |||||
CVE-2016-7580 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL. | |||||
CVE-2016-9131 | 4 Debian, Isc, Netapp and 1 more | 12 Debian Linux, Bind, Data Ontap Edge and 9 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | |||||
CVE-2016-1248 | 2 Debian, Vim | 2 Debian Linux, Vim | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. | |||||
CVE-2016-8273 | 1 Huawei | 1 Hisuite | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC. | |||||
CVE-2017-3889 | 1 Cisco | 1 Registered Envelope Service | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to an undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015. | |||||
CVE-2017-7957 | 2 Debian, Xstream Project | 2 Debian Linux, Xstream | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call. | |||||
CVE-2016-9380 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 4.6 MEDIUM | 7.5 HIGH |
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. | |||||
CVE-2016-5187 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | |||||
CVE-2016-7958 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. | |||||
CVE-2017-6464 | 1 Ntp | 1 Ntp | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. |