Total
10068 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9317 | 1 Libgd | 1 Libgd | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
| The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image. | |||||
| CVE-2016-4927 | 1 Juniper | 1 Junos Space | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. | |||||
| CVE-2017-2511 | 1 Apple | 1 Safari | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | |||||
| CVE-2017-3873 | 1 Cisco | 10 Aironet 1830e, Aironet 1830i, Aironet 1850e and 7 more | 2024-02-04 | 7.9 HIGH | 7.5 HIGH |
| A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device. Cisco has confirmed that the only vulnerable software version is 8.3.102.0. Cisco Bug IDs: CSCvb42386. | |||||
| CVE-2016-9009 | 1 Ibm | 1 Websphere Mq | 2024-02-04 | 4.0 MEDIUM | 3.1 LOW |
| IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647. | |||||
| CVE-2017-7478 | 1 Openvpn | 1 Openvpn | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2. | |||||
| CVE-2017-7408 | 1 Paloaltonetworks | 1 Traps | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. | |||||
| CVE-2017-2378 | 1 Apple | 2 Iphone Os, Safari | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions. | |||||
| CVE-2017-6554 | 1 Quest | 1 Privilege Manager | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
| pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action. | |||||
| CVE-2016-6461 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability in the HTTP web-based management interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to inject arbitrary XML commands on the affected system. More Information: CSCva38556. Known Affected Releases: 9.1(6.10). Known Fixed Releases: 100.11(0.75) 100.15(0.137) 100.8(40.129) 96.2(0.95) 97.1(0.55) 97.1(12.7) 97.1(6.30). | |||||
| CVE-2017-9131 | 1 Mimosa | 2 Backhaul Radios, Client Radios | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the client's Mosquitto broker, aka "unauthenticated remote command execution." This command can be re-sent endlessly to act as a DoS attack on the client. | |||||
| CVE-2016-6247 | 1 Openbsd | 1 Openbsd | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist. | |||||
| CVE-2017-9188 | 1 Autotrace Project | 1 Autotrace | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63. | |||||
| CVE-2017-7979 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org. | |||||
| CVE-2016-4332 | 1 Hdfgroup | 1 Hdf5 | 2024-02-04 | 6.9 MEDIUM | 8.6 HIGH |
| The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. | |||||
| CVE-2016-9147 | 1 Isc | 1 Bind | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. | |||||
| CVE-2017-3162 | 1 Apache | 1 Hadoop | 2024-02-04 | 7.5 HIGH | 7.3 HIGH |
| HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0. | |||||
| CVE-2017-7262 | 1 Amd | 1 Ryzen | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite. | |||||
| CVE-2009-5147 | 1 Ruby-lang | 1 Ruby | 2024-02-04 | 7.5 HIGH | 7.3 HIGH |
| DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. | |||||
| CVE-2015-1611 | 1 Opendaylight | 1 Openflow | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection." | |||||