Total
10920 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6256 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or potential escalation of privileges. | |||||
| CVE-2017-7599 | 1 Libtiff | 1 Libtiff | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-6269 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges. | |||||
| CVE-2017-9800 | 1 Apache | 1 Subversion | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://. | |||||
| CVE-2017-1210 | 1 Ibm | 1 Daeja Viewone | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850. | |||||
| CVE-2017-10897 | 1 Buffalo | 4 Bbr-4hg, Bbr-4hg Firmware, Bbr-4mg and 1 more | 2025-04-20 | 5.5 MEDIUM | 4.5 MEDIUM |
| Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors. | |||||
| CVE-2017-7217 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters. | |||||
| CVE-2016-5755 | 1 Netiq | 1 Access Manager | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting. | |||||
| CVE-2017-6671 | 1 Cisco | 1 Email Security Appliance Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015. | |||||
| CVE-2015-6839 | 1 Grupo Msa | 1 Vot.ar | 2025-04-20 | 2.1 LOW | 4.6 MEDIUM |
| The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag. | |||||
| CVE-2017-17802 | 1 Tgsoft | 1 Vir.it Explorer | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E080. | |||||
| CVE-2014-9805 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. | |||||
| CVE-2017-2254 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input | |||||
| CVE-2017-15956 | 1 Converto Video Downloader \& Converter Project | 1 Converto Video Downloader \& Converter | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. | |||||
| CVE-2017-0197 | 1 Microsoft | 1 Onenote | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability." | |||||
| CVE-2010-3050 | 1 Cisco | 1 Ios | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). | |||||
| CVE-2017-7613 | 3 Canonical, Debian, Elfutils Project | 3 Ubuntu Linux, Debian Linux, Elfutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | |||||
| CVE-2016-1547 | 1 Ntp | 1 Ntp | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. | |||||
| CVE-2017-9778 | 1 Gnu | 1 Gdb | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. | |||||
| CVE-2017-2495 | 1 Apple | 2 Iphone Os, Safari | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (application crash) via a crafted web site that improperly interacts with the history menu. | |||||