Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0642 | 1 Cisco | 2 Ios, Ios Xe | 2017-05-12 | 7.8 HIGH | N/A |
| Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951. | |||||
| CVE-2017-2153 | 1 Seil | 10 B1, B1 Firmware, Bpv 4 and 7 more | 2017-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UDP packets. | |||||
| CVE-2017-8288 | 1 Gnome | 1 Gnome-shell | 2017-05-10 | 6.8 MEDIUM | 8.1 HIGH |
| gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js. | |||||
| CVE-2017-8219 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2017-05-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. | |||||
| CVE-2014-9907 | 1 Imagemagick | 1 Imagemagick | 2017-05-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. | |||||
| CVE-2017-2100 | 1 Ipa | 1 Appgoat | 2017-05-05 | 6.8 MEDIUM | 6.3 MEDIUM |
| Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. | |||||
| CVE-2016-9693 | 1 Ibm | 2 Business Process Manager, Websphere | 2017-05-02 | 6.8 MEDIUM | 6.1 MEDIUM |
| IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655. | |||||
| CVE-2014-2522 | 2 Haxx, Microsoft | 3 Curl, Libcurl, Windows | 2017-04-29 | 4.0 MEDIUM | N/A |
| curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | |||||
| CVE-2016-4841 | 1 Cybozu | 1 Mailwise | 2017-04-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. | |||||
| CVE-2016-4862 | 1 Cs-cart | 1 Cs-cart | 2017-04-26 | 6.5 MEDIUM | 8.8 HIGH |
| Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | |||||
| CVE-2017-7979 | 1 Linux | 1 Linux Kernel | 2017-04-26 | 7.2 HIGH | 7.8 HIGH |
| The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org. | |||||
| CVE-2017-7892 | 1 Capnproto | 1 Capnproto | 2017-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message. | |||||
| CVE-2017-1161 | 1 Ibm | 1 Api Connect | 2017-04-25 | 7.5 HIGH | 7.3 HIGH |
| IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956. | |||||
| CVE-2016-2567 | 1 Samsung | 4 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S6 and 1 more | 2017-04-25 | 2.1 LOW | 3.3 LOW |
| secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL. | |||||
| CVE-2015-7740 | 1 Huawei | 4 P7, P7 Firmware, P8 Ale-ul00 and 1 more | 2017-04-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. | |||||
| CVE-2016-9278 | 1 Samsung | 1 Exynos Fimg2d Driver | 2017-04-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE-2016-6736. | |||||
| CVE-2017-7283 | 1 Unitrends | 1 Enterprise Backup | 2017-04-24 | 9.0 HIGH | 8.8 HIGH |
| An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php. | |||||
| CVE-2010-1821 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-04-21 | 7.2 HIGH | 7.8 HIGH |
| Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. | |||||
| CVE-2017-2989 | 1 Adobe | 1 Campaign | 2017-04-20 | 7.5 HIGH | 9.1 CRITICAL |
| Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database. | |||||
| CVE-2017-7280 | 1 Unitrends | 1 Enterprise Backup | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable. | |||||