Total: 9738 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-0178 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2024-02-28 | 5.2 MEDIUM | 5.4 MEDIUM |
A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | |||||
CVE-2015-8744 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
QEMU (aka Quick Emulator) built with VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to a crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance, resulting in DoS. | |||||
CVE-2017-7408 | 1 Paloaltonetworks | 1 Traps | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. | |||||
CVE-2017-6616 | 1 Cisco | 1 Integrated Management Controller Supervisor | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578. | |||||
CVE-2017-2535 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app. | |||||
CVE-2017-8933 | 1 Libmenu-cache Project | 1 Libmenu-cache | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability). | |||||
CVE-2016-4862 | 1 Cs-cart | 1 Cs-cart | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | |||||
CVE-2016-2937 | 1 Ibm | 1 Bigfix Remote Control | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerability." | |||||
CVE-2016-9795 | 6 Broadcom, Ca, Hp and 3 more | 10 Ca Workload Automation Ae, Client Automation, Systemedge and 7 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation. | |||||
CVE-2016-6267 | 1 Trendmicro | 1 Smart Protection Server | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php. | |||||
CVE-2017-5185 | 1 Microfocus | 1 Sentinel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. | |||||
CVE-2017-5602 | 1 Jappix Project | 1 Jappix | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for jappix 1.0.0 to 1.1.6. | |||||
CVE-2016-9858 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in the saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
CVE-2016-9420 | 1 Mybb | 2 Merge System, Mybb | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to "loose comparison false positives." | |||||
CVE-2016-7790 | 1 Exponentcms | 1 Exponent Cms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload a 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution. | |||||
CVE-2017-3241 | 1 Oracle | 3 Jdk, Jre, Jrockit | 2024-02-28 | 6.8 MEDIUM | 9.0 CRITICAL |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). | |||||
CVE-2017-0163 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2008 and 2 more | 2024-02-28 | 7.4 HIGH | 7.6 HIGH |
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181. | |||||
CVE-2017-7235 | 1 Cloudflare-scrape Project | 1 Cloudflare-scrape | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0. | |||||
CVE-2017-5589 | 1 Yaxim | 2 Bruno, Yaxim | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno (0.8.6 - 0.8.8; Android). | |||||
CVE-2017-9091 | 1 Allen Disk Project | 1 Allen Disk | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. |