Total: 9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9043 | 1 Gnu | 1 Binutils | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. | |||||
CVE-2015-5401 | 1 Teradata | 2 Teradata Express, Teradata Gateway | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message. | |||||
CVE-2016-9253 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile. | |||||
CVE-2017-6652 | 1 Cisco | 1 Telepresence Ix5000 | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory traversal techniques to read files within the Cisco TelePresence IX5000 Series filesystem. This vulnerability affects Cisco TelePresence IX5000 Series devices running software version 8.2.0. Cisco Bug IDs: CSCvc52325. | |||||
CVE-2016-4841 | 1 Cybozu | 1 Mailwise | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. | |||||
CVE-2017-5215 | 1 Codextrous | 1 B2j Contact | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution. | |||||
CVE-2017-3162 | 1 Apache | 1 Hadoop | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0. | |||||
CVE-2017-5359 | 1 Easycom-aura | 1 Sql Iplug | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI. | |||||
CVE-2017-5590 | 2 Chatsecure, Zom | 2 Chatsecure, Zom | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for ChatSecure (3.2.0 - 4.0.0; only iOS) and Zom (all versions up to 1.0.11; only iOS). | |||||
CVE-2016-5102 | 1 Libtiff | 1 Libtiff | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. | |||||
CVE-2017-6466 | 1 F-secure | 1 Software Updater | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be executed under the SYSTEM account. Note that when Software Updater is configured to install updates automatically, it checks if the downloaded file is digitally signed by default, but does not check the author of the signature. When running in manual mode (default), no signature check is performed. | |||||
CVE-2014-9933 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. | |||||
CVE-2016-9955 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2024-02-28 | 4.0 MEDIUM | 6.3 MEDIUM |
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean. | |||||
CVE-2017-5932 | 1 Gnu | 1 Bash | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. | |||||
CVE-2016-6462 | 1 Cisco | 1 Email Security Appliance Firmware | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCva13456. Known Affected Releases: 10.0.0-082 10.0.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131. | |||||
CVE-2017-6961 | 1 Apng2gif Project | 1 Apng2gif | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChunk->size value (within the PNG file) to determine the amount of memory to allocate. | |||||
CVE-2014-9645 | 1 Busybox | 1 Busybox | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command. | |||||
CVE-2014-8705 | 1 Wondercms | 1 Wondercms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. | |||||
CVE-2017-8219 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. | |||||
CVE-2016-9193 | 1 Cisco | 2 Firepower Management Center, Firesight System Software | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0. |