Total
11765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15879 | 1 Keystonejs | 1 Keystone | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. | |||||
| CVE-2017-11411 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. | |||||
| CVE-2017-12801 | 1 Matroska | 3 Libebml2, Mkclean, Mkvalidator | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |||||
| CVE-2016-8762 | 1 Huawei | 6 P8 Lite, P8 Lite Firmware, P9 and 3 more | 2025-04-20 | 1.9 LOW | 5.0 MEDIUM |
| The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 and earlier versions has an input validation vulnerability, which allows attackers to cause the system to restart. | |||||
| CVE-2017-5076 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |||||
| CVE-2017-8585 | 1 Microsoft | 1 .net Framework | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability. | |||||
| CVE-2017-9065 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. | |||||
| CVE-2015-8538 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). | |||||
| CVE-2017-5944 | 1 Bestpractical | 1 Request Tracker | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name. | |||||
| CVE-2016-2517 | 1 Ntp | 1 Ntp | 2025-04-20 | 4.9 MEDIUM | 5.3 MEDIUM |
| NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. | |||||
| CVE-2017-5932 | 1 Gnu | 1 Bash | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter. | |||||
| CVE-2014-9811 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. | |||||
| CVE-2017-5605 | 1 Movim | 1 Movim | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Movim 0.8 - 0.10. | |||||
| CVE-2016-7742 | 1 Apple | 1 Mac Os X | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "xar" component, which allows remote attackers to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations. | |||||
| CVE-2017-6674 | 1 Cisco | 1 Firesight System | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2. | |||||
| CVE-2017-9046 | 1 Pmail | 1 Pegasus | 2025-04-20 | 4.4 MEDIUM | 7.3 HIGH |
| winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack. | |||||
| CVE-2017-5099 | 3 Debian, Google, Linux | 3 Debian Linux, Chrome, Linux Kernel | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page. | |||||
| CVE-2015-2245 | 1 Huawei | 2 P7-l09, P7-l09 Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). | |||||
| CVE-2017-14022 | 1 Rockwellautomation | 1 Factorytalk Alarms And Events | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate. | |||||
| CVE-2016-7790 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution. | |||||