Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2540 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | |||||
CVE-2017-3280 | 1 Oracle | 1 Partner Management | 2024-02-28 | 4.3 MEDIUM | 4.7 MEDIUM |
Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts). | |||||
CVE-2017-3844 | 1 Cisco | 1 Prime Collaboration Assurance | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc86238. Known Affected Releases: 11.5(0). | |||||
CVE-2016-9726 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542. | |||||
CVE-2016-10079 | 1 Sap | 1 Saplpd | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515. | |||||
CVE-2017-0069 | 1 Microsoft | 1 Edge | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0033. | |||||
CVE-2016-8773 | 1 Huawei | 16 S12700, S12700 Firmware, S5300 and 13 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets. | |||||
CVE-2016-6878 | 1 Botan Project | 1 Botan | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang. | |||||
CVE-2016-2996 | 1 Ibm | 1 Security Privileged Identity Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors. | |||||
CVE-2016-5188 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. | |||||
CVE-2016-5024 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic. | |||||
CVE-2017-6181 | 1 Ruby-lang | 1 Ruby | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression. | |||||
CVE-2017-9144 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. | |||||
CVE-2017-7596 | 1 Libtiff | 1 Libtiff | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
CVE-2010-5328 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group. | |||||
CVE-2017-6619 | 1 Cisco | 1 Integrated Management Controller Supervisor | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591. | |||||
CVE-2016-9375 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. | |||||
CVE-2016-5197 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page. | |||||
CVE-2014-9810 | 1 Imagemagick | 1 Imagemagick | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. | |||||
CVE-2016-9385 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 4.9 MEDIUM | 6.0 MEDIUM |
The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks. |