Total
9738 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8442 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. QC-CR#1038173. | |||||
| CVE-2015-7740 | 1 Huawei | 4 P7, P7 Firmware, P8 Ale-ul00 and 1 more | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. | |||||
| CVE-2017-9131 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the client's Mosquitto broker, aka "unauthenticated remote command execution." This command can be re-sent endlessly to act as a DoS attack on the client. | |||||
| CVE-2017-3242 | 1 Oracle | 1 Vm Server | 2024-02-28 | 1.9 LOW | 5.9 MEDIUM |
| Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Supported versions that are affected are 3.2 and 3.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM Server for Sparc executes to compromise Oracle VM Server for Sparc. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM Server for Sparc, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM Server for Sparc. CVSS v3.0 Base Score 5.9 (Availability impacts). | |||||
| CVE-2009-5147 | 1 Ruby-lang | 1 Ruby | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
| DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. | |||||
| CVE-2017-6650 | 1 Cisco | 10 Nexus 5548up, Nexus 5596t, Nexus 5596up and 7 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771. | |||||
| CVE-2016-8756 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
| ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart). | |||||
| CVE-2016-9191 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. | |||||
| CVE-2017-3849 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-28 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: (1) running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature; (2) configured as an autonomic registrar; (3) has a whitelist configured. An exploit could allow the attacker to cause the affected device to reload. Note: Autonomic networking should be configured with a whitelist. Do not remove the whitelist as a workaround. Cisco Bug IDs: CSCvc42717. | |||||
| CVE-2016-7209 | 1 Microsoft | 1 Edge | 2024-02-28 | 2.6 LOW | 5.3 MEDIUM |
| Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." | |||||
| CVE-2017-6188 | 2 Debian, Munin-monitoring | 2 Debian Linux, Munin | 2024-02-28 | 1.9 LOW | 5.5 MEDIUM |
| Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. | |||||
| CVE-2017-6469 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. | |||||
| CVE-2016-4868 | 1 Cybozu | 1 Office | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. | |||||
| CVE-2017-0181 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2008 and 2 more | 2024-02-28 | 7.4 HIGH | 7.6 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180. | |||||
| CVE-2016-10167 | 1 Libgd | 1 Libgd | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file. | |||||
| CVE-2017-3814 | 1 Cisco | 1 Firepower Management Center | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0. | |||||
| CVE-2017-0484 | 1 Google | 1 Android | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33298089. | |||||
| CVE-2017-6345 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. | |||||
| CVE-2016-3044 | 1 Ibm | 1 Powerkvm | 2024-02-28 | 4.9 MEDIUM | 6.5 MEDIUM |
| The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. | |||||
| CVE-2017-9046 | 1 Pmail | 1 Pegasus | 2024-02-28 | 4.4 MEDIUM | 7.3 HIGH |
| winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack. | |||||