Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10068 | 3 Imagemagick, Opensuse, Opensuse Project | 3 Imagemagick, Leap, Leap | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. | |||||
CVE-2016-7785 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | |||||
CVE-2016-7998 | 1 Spip | 1 Spip | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. | |||||
CVE-2016-8106 | 3 Hp, Intel, Lenovo | 60 Ethernet 10gb 2-port 562flr-sfp\+, Ethernet 10gb 2-port 562sfp\+, Ethernet 10gb 4-port 563sfp\+ and 57 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. | |||||
CVE-2017-2313 | 1 Juniper | 1 Junos | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Juniper Networks devices running affected Junos OS versions may be impacted by the receipt of a crafted BGP UPDATE which can lead to an rpd (routing process daemon) crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition. The affected Junos OS versions are: 15.1 prior to 15.1F2-S15, 15.1F5-S7, 15.1F6-S5, 15.1F7, 15.1R4-S7, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D78, 15.1X49-D80; 15.1X53 prior to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4; 16.2 prior to 16.2R1-S3, 16.2R2; Releases prior to Junos OS 15.1 are unaffected by this vulnerability. 17.1R1, 17.2R1, and all subsequent releases have a resolution for this vulnerability. | |||||
CVE-2017-5872 | 1 Unisys | 1 Clearpath Mcp | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to cause a denial of service (network connectivity disruption) via a client hello with a signature_algorithms extension above those defined in RFC 5246, which triggers a full memory dump. | |||||
CVE-2017-0355 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service. | |||||
CVE-2017-7599 | 1 Libtiff | 1 Libtiff | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
CVE-2016-10243 | 3 Debian, Fedoraproject, Tug | 3 Debian Linux, Fedora, Tex Live | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | |||||
CVE-2016-9224 | 1 Cisco | 1 Jabber Guest | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.6(9). Known Fixed Releases: 11.0(0). | |||||
CVE-2016-9372 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. | |||||
CVE-2016-9212 | 1 Cisco | 1 Web Security Appliance | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Affected Products: This vulnerability affects Cisco Web Security Appliances if the HTTPS decryption options are enabled and configured for the device to block connections to certain websites. More Information: CSCvb49012. Known Affected Releases: 9.0.1-162 9.1.1-074. | |||||
CVE-2017-0099 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 2.3 LOW | 5.4 MEDIUM |
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0097. | |||||
CVE-2017-3236 | 1 Oracle | 1 Flexcube Universal Banking | 2024-02-28 | 4.3 MEDIUM | 4.7 MEDIUM |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts). | |||||
CVE-2015-7847 | 1 Huawei | 2 E3272s, E3272s Firmware | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack. | |||||
CVE-2016-10222 | 1 Apple | 1 Safari | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function. | |||||
CVE-2017-3790 | 1 Cisco | 2 Expressway, Telepresence Video Communication Server | 2024-02-28 | 7.8 HIGH | 8.6 HIGH |
A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263. | |||||
CVE-2017-5880 | 1 Splunk | 1 Splunk | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279. | |||||
CVE-2017-7262 | 1 Amd | 1 Ryzen | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite. | |||||
CVE-2016-0206 | 1 Ibm | 1 Cloud Orchestrator | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. |