Total
11766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1001004 | 1 Typed Function Project | 1 Typed Function | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. | |||||
| CVE-2016-8738 | 1 Apache | 1 Struts | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | |||||
| CVE-2017-6078 | 1 Faststone | 1 Maxview | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section. | |||||
| CVE-2016-8652 | 1 Dovecot | 1 Dovecot | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username. | |||||
| CVE-2017-0007 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability." | |||||
| CVE-2017-13145 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. | |||||
| CVE-2016-9686 | 1 Puppet | 1 Puppet Enterprise | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2. | |||||
| CVE-2014-9962 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command. | |||||
| CVE-2017-2314 | 1 Juniper | 1 Junos | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50. | |||||
| CVE-2017-12255 | 1 Cisco | 1 Unified Computing System | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this vulnerability by entering a specific command with crafted arguments. An exploit could allow the attacker to gain shell access to the underlying system. Cisco Bug IDs: CSCve70762. | |||||
| CVE-2016-9726 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542. | |||||
| CVE-2017-11932 | 1 Microsoft | 1 Exchange Server | 2025-04-20 | 5.8 MEDIUM | 8.1 HIGH |
| Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability". | |||||
| CVE-2017-1551 | 1 Ibm | 1 Api Connect | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291. | |||||
| CVE-2010-1821 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. | |||||
| CVE-2016-8773 | 1 Huawei | 16 S12700, S12700 Firmware, S5300 and 13 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, V200R009C00; S5700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C03, V200R007C00, V200R008C00, V200R009C00; S6300 with software V200R003C00, V200R005C00, V200R008C00, V200R009C00; S6700 with software V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R008C00, V200R009C00; S7700 with software V200R007C00, V200R008C00, V200R009C00; S9300 with software V200R007C00, V200R008C00, V200R009C00; S9700 with software V200R007C00, V200R008C00, V200R009C00; and S12700 with software V200R007C00, V200R007C01, V200R008C00, V200R009C00 allow the attacker to cause a denial of service condition by sending malformed MPLS packets. | |||||
| CVE-2017-6974 | 1 Apple | 1 Mac Os X | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app. | |||||
| CVE-2017-14230 | 1 Cyrus | 1 Imap | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command. | |||||
| CVE-2017-12670 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service. | |||||
| CVE-2017-11342 | 1 Libsass | 1 Libsass | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2016-7407 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. | |||||