Total
10071 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7126 | 1 Apple | 1 Mac Os X | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2017-17803 | 1 Tgsoft | 1 Vir.it Explorer | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82736068, a different vulnerability than CVE-2017-17475. | |||||
| CVE-2017-14063 | 1 Asynchttpclient Project | 1 Async-http-client | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL. | |||||
| CVE-2017-15868 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. | |||||
| CVE-2016-7976 | 1 Artifex | 1 Ghostscript | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. | |||||
| CVE-2017-18019 | 1 K7computing | 1 Total Security | 2024-02-04 | 3.6 LOW | 7.1 HIGH |
| In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer. | |||||
| CVE-2017-3759 | 1 Lenovo | 1 Service Framework | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution. | |||||
| CVE-2017-16227 | 2 Debian, Quagga | 2 Debian Linux, Quagga | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. | |||||
| CVE-2017-6164 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system. | |||||
| CVE-2017-1519 | 3 Ibm, Linux, Microsoft | 4 Db2, Db2 Connect, Linux Kernel and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829. | |||||
| CVE-2017-17537 | 1 Mikrotik | 1 Routerboard | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS. | |||||
| CVE-2017-10700 | 1 Qnap | 1 Qts | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application. | |||||
| CVE-2017-10908 | 1 Dena | 1 H2o | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header. | |||||
| CVE-2017-1357 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to manipulate work orders to forge emails which could be used to conduct further advanced attacks. IBM X-Force ID: 126684. | |||||
| CVE-2017-14022 | 1 Rockwellautomation | 1 Factorytalk Alarms And Events | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate. | |||||
| CVE-2017-11027 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header size causing unintialized data access vulnerability. | |||||
| CVE-2016-3090 | 1 Apache | 1 Struts | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling. | |||||
| CVE-2016-9263 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 2.6 LOW | 4.7 MEDIUM |
| WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. | |||||
| CVE-2017-12775 | 1 Question2answer | 1 Question2answer | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts. | |||||
| CVE-2017-14908 | 1 Google | 1 Android | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify. | |||||