Total
10071 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6815 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. | |||||
| CVE-2016-5193 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. | |||||
| CVE-2016-8818 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| All versions of NVIDIA Windows GPU Display contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges. | |||||
| CVE-2017-2368 | 1 Apple | 1 Iphone Os | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "Contacts" component. It allows remote attackers to cause a denial of service (application crash) via a crafted contact card. | |||||
| CVE-2016-9249 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). | |||||
| CVE-2017-0346 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. | |||||
| CVE-2017-3818 | 1 Cisco | 1 Email Security Appliance Firmware | 2024-02-04 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092. | |||||
| CVE-2017-7456 | 1 Moxa | 1 Mxview | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials. | |||||
| CVE-2016-4868 | 1 Cybozu | 1 Office | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. | |||||
| CVE-2015-7893 | 1 Samsung | 1 Galaxy S6 | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. | |||||
| CVE-2016-9385 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-04 | 4.9 MEDIUM | 6.0 MEDIUM |
| The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks. | |||||
| CVE-2017-9090 | 1 Allen Disk Project | 1 Allen Disk | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | |||||
| CVE-2015-6567 | 1 Wolfcms | 1 Wolf Cms | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality. | |||||
| CVE-2016-9212 | 1 Cisco | 1 Web Security Appliance | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Affected Products: This vulnerability affects Cisco Web Security Appliances if the HTTPS decryption options are enabled and configured for the device to block connections to certain websites. More Information: CSCvb49012. Known Affected Releases: 9.0.1-162 9.1.1-074. | |||||
| CVE-2016-6084 | 1 Ibm | 1 Bigfix Platform | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. | |||||
| CVE-2017-7606 | 1 Imagemagick | 1 Imagemagick | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-0484 | 1 Google | 1 Android | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33298089. | |||||
| CVE-2017-0076 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 2.9 LOW | 5.4 MEDIUM |
| Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0097, and CVE-2017-0099. | |||||
| CVE-2016-4546 | 1 Samsung | 1 Samsung Mobile | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. | |||||
| CVE-2016-9379 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-04 | 4.6 MEDIUM | 7.9 HIGH |
| The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | |||||