Total
11766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9977 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253. | |||||
| CVE-2016-5755 | 1 Netiq | 1 Access Manager | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting. | |||||
| CVE-2017-12336 | 1 Cisco | 2 Nx-os, Unified Computing System | 2025-04-20 | 4.6 MEDIUM | 4.2 MEDIUM |
| A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127. | |||||
| CVE-2016-4868 | 1 Cybozu | 1 Office | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. | |||||
| CVE-2017-15270 | 1 Psftp | 1 Psftpd | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log. | |||||
| CVE-2017-12961 | 1 Gnu | 1 Pspp | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service. | |||||
| CVE-2017-7747 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree. | |||||
| CVE-2017-7124 | 1 Apple | 1 Mac Os X | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2014-9805 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. | |||||
| CVE-2015-9069 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. | |||||
| CVE-2015-0853 | 1 Pysvn Project | 1 Svn-workbench | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). | |||||
| CVE-2016-9444 | 1 Isc | 1 Bind | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. | |||||
| CVE-2017-6141 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default. | |||||
| CVE-2016-5197 | 1 Google | 1 Chrome | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page. | |||||
| CVE-2017-11099 | 1 Swftools | 1 Swftools | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c. | |||||
| CVE-2017-10700 | 1 Qnap | 1 Qts | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application. | |||||
| CVE-2016-9147 | 1 Isc | 1 Bind | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. | |||||
| CVE-2017-14098 | 1 Digium | 1 Asterisk | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. | |||||
| CVE-2017-13703 | 1 Moxa | 2 Eds-g512e, Eds-g512e Firmware | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur. | |||||
| CVE-2017-17952 | 1 Php Multivendor Ecommerce Project | 1 Php Multivendor Ecommerce | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | |||||