Total
264 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8213 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8210. | |||||
| CVE-2018-8836 | 1 Wago | 16 750-829, 750-829 Firmware, 750-831 and 13 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools. | |||||
| CVE-2018-8224 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. | |||||
| CVE-2018-8124 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8164, CVE-2018-8166. | |||||
| CVE-2018-8167 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 4.4 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-8170 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-04 | 4.4 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka "Windows Image Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | |||||
| CVE-2018-8166 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 6.9 MEDIUM | 7.0 HIGH |
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8164. | |||||
| CVE-2017-0769 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122. | |||||
| CVE-2017-1000369 | 2 Debian, Exim | 2 Debian Linux, Exim | 2024-02-04 | 2.1 LOW | 4.0 MEDIUM |
| Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. | |||||
| CVE-2017-0733 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38391487. | |||||
| CVE-2012-2805 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. | |||||
| CVE-2017-11016 | 1 Google | 1 Android | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block stale pointers are left uncleared. | |||||
| CVE-2016-10363 | 1 Elastic | 1 Logstash | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit. | |||||
| CVE-2017-1145 | 1 Ibm | 1 Websphere Mq | 2024-02-04 | 7.8 HIGH | 8.6 HIGH |
| IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672. | |||||
| CVE-2017-7472 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls. | |||||
| CVE-2017-8925 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. | |||||
| CVE-2017-5650 | 1 Apache | 1 Tomcat | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads. | |||||
| CVE-2017-9059 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak. | |||||
| CVE-2016-8212 | 1 Dell | 1 Bsafe Crypto-j | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. This vulnerability is similar to the issue described in CVE-2015-4748. | |||||
| CVE-2017-8071 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors. | |||||