Vulnerabilities (CVE)

Filtered by CWE-20
Total 10071 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-10615 1 Juniper 17 Ex3200, Ex3300, Ex3300-vc and 14 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8; No other Junos OS releases are affected by this issue. No other Juniper Networks products are affected by this issue.
CVE-2014-8324 1 Aircrack-ng 1 Aircrack-ng 2024-02-04 5.0 MEDIUM 7.5 HIGH
network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter.
CVE-2018-5713 1 Malwarefox 1 Anti-malware 2024-02-04 6.1 MEDIUM 7.8 HIGH
In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010.
CVE-2017-14914 1 Google 1 Android 2024-02-04 10.0 HIGH 9.8 CRITICAL
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale.
CVE-2014-4994 1 Gyazo Project 1 Gyazo 2024-02-04 2.1 LOW 5.5 MEDIUM
lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames.
CVE-2017-8260 1 Google 1 Android 2024-02-04 6.8 MEDIUM 7.8 HIGH
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later.
CVE-2017-17967 1 Ksosoft 1 Wps Office 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482.
CVE-2018-0104 1 Cisco 4 Webex Business Suite, Webex Meetings, Webex Meetings Server and 1 more 2024-02-04 9.3 HIGH 9.6 CRITICAL
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857.
CVE-2017-6272 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2024-02-04 7.2 HIGH 7.8 HIGH
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.
CVE-2016-5872 1 Google 1 Android 2024-02-04 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated.
CVE-2017-17846 2 Debian, Enigmail 2 Debian Linux, Enigmail 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.
CVE-2017-14617 1 Freedesktop 1 Poppler 2024-02-04 6.8 MEDIUM 7.8 HIGH
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.
CVE-2015-9039 1 Google 1 Android 2024-02-04 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages.
CVE-2017-12299 1 Cisco 1 Firepower Extensible Operating System 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. The vulnerability is due to an implementation error that exists in the process of creating default IP blocks when the device is initialized, and the way in which those IP blocks interact with user-configured filters for local IP management traffic (for example, SSH to the device). An attacker could exploit this vulnerability by sending traffic to the local IP address of the targeted device. A successful exploit could allow the attacker to connect to the local IP address of the device even when there are filters configured to deny the traffic. Cisco Bug IDs: CSCvd97962.
CVE-2016-10391 1 Google 1 Android 2024-02-04 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.
CVE-2017-7564 1 Arm 1 Arm Trusted Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers.
CVE-2017-1000469 1 Cobbler Project 1 Cobbler 2024-02-04 10.0 HIGH 9.8 CRITICAL
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
CVE-2017-9938 1 Siemens 1 Simatic Logon 2024-02-04 5.0 MEDIUM 7.5 HIGH
A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically.
CVE-2017-11665 1 Ffmpeg 1 Ffmpeg 2024-02-04 5.0 MEDIUM 7.5 HIGH
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.
CVE-2017-7119 1 Apple 1 Mac Os X 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.