Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5604 | 1 Mcabber | 1 Mcabber | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4. | |||||
CVE-2016-10069 | 2 Imagemagick, Opensuse Project | 2 Imagemagick, Leap | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. | |||||
CVE-2017-0098 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-28 | 2.9 LOW | 5.4 MEDIUM |
Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099. | |||||
CVE-2016-6084 | 1 Ibm | 1 Bigfix Platform | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. | |||||
CVE-2017-6613 | 1 Cisco | 1 Prime Network Registrar | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM |
A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete DNS packet header validation when the packet is received by the application. An attacker could exploit this vulnerability by sending a malformed DNS packet to the application. An exploit could allow the attacker to cause the DNS process to restart, which could lead to a DoS condition. This vulnerability affects Cisco Prime Network Registrar on all software versions prior to 8.3.5. Cisco Bug IDs: CSCvb55412. | |||||
CVE-2015-8212 | 1 Netbsd | 1 Netbsd | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program. | |||||
CVE-2014-9754 | 1 Viprinet | 2 Multichannel Vpn Router 300, Multichannel Vpn Router 300 Firmware | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. | |||||
CVE-2016-9009 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 4.0 MEDIUM | 3.1 LOW |
IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647. | |||||
CVE-2017-5041 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page. | |||||
CVE-2017-3818 | 1 Cisco | 1 Email Security Appliance Firmware | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM |
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092. | |||||
CVE-2017-0004 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability." | |||||
CVE-2017-7601 | 1 Libtiff | 1 Libtiff | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
CVE-2017-0346 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. | |||||
CVE-2017-2371 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site. | |||||
CVE-2016-1547 | 1 Ntp | 1 Ntp | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. | |||||
CVE-2016-4661 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ntfs" component, which misparses disk images and allows attackers to cause a denial of service via a crafted app. | |||||
CVE-2016-6458 | 1 Cisco | 1 Email Security Appliance Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to use a content filter for email attachments that are protected or encrypted. More Information: CSCva52546. Known Affected Releases: 10.0.0-125 9.7.1-066. | |||||
CVE-2017-0354 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-28 | 4.7 MEDIUM | 4.7 MEDIUM |
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under raised IRQL which may lead to a denial of service. | |||||
CVE-2016-9860 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
CVE-2017-6498 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. |