Total
11765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6662 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
| A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker must have valid user credentials. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries which could allow the attacker to read and write files and execute remote code within the application, aka XML Injection. Cisco Prime Infrastructure software releases 1.1 through 3.1.6 are vulnerable. Cisco EPNM software releases 1.2, 2.0, and 2.1 are vulnerable. Cisco Bug IDs: CSCvc23894 CSCvc49561. | |||||
| CVE-2017-9353 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. | |||||
| CVE-2017-7730 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding. | |||||
| CVE-2017-5591 | 3 Poezio, Sleekxmpp Project, Slixmpp Project | 3 Poezio, Sleekxmpp, Slixmpp | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products. | |||||
| CVE-2017-11781 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". | |||||
| CVE-2017-2179 | 1 Ipa | 1 Appgoat | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182. | |||||
| CVE-2017-7601 | 1 Libtiff | 1 Libtiff | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-9034 | 1 Trendmicro | 1 Serverprotect | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates. | |||||
| CVE-2017-6272 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges. | |||||
| CVE-2017-7154 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-20 | 5.6 MEDIUM | 6.6 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash). | |||||
| CVE-2017-3889 | 1 Cisco | 1 Registered Envelope Service | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015. | |||||
| CVE-2017-12217 | 1 Cisco | 2 Asr 5500, Asr 5500 Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation of GPRS Tunneling Protocol packet headers. An attacker could exploit this vulnerability by sending a malformed GPRS Tunneling Protocol packet to an affected device. A successful exploit could allow the attacker to cause the GTPUMGR process on an affected device to restart unexpectedly, resulting in a partial DoS condition. If the GTPUMGR process restarts, there could be a brief impact on traffic passing through the device. Cisco Bug IDs: CSCve07119. | |||||
| CVE-2017-6770 | 1 Cisco | 7 Adaptive Security Appliance Software, Ios, Ios Xe and 4 more | 2025-04-20 | 4.0 MEDIUM | 4.2 MEDIUM |
| Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic. The attacker could exploit this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause the targeted router to flush its routing table and propagate the crafted OSPF LSA type 1 update throughout the OSPF AS domain. To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast OSPF LSA type 1 packets. No other LSA type packets can trigger this vulnerability. OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability. Cisco Bug IDs: CSCva74756, CSCve47393, CSCve47401. | |||||
| CVE-2017-0458 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32588962. References: QC-CR#1089433. | |||||
| CVE-2017-0178 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2025-04-20 | 5.2 MEDIUM | 5.4 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | |||||
| CVE-2017-7122 | 1 Apple | 1 Mac Os X | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2016-8756 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| ION memory management module in Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, NXT-DL10C00B197 and earlier versions, NXT-TL10C00B197 and earlier versions, NXT-CL10C00B197 and earlier versions allows attackers to cause a denial of service (restart). | |||||
| CVE-2017-9457 | 1 Compulab | 2 Intense Pc, Intense Pc Firmware | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS. | |||||
| CVE-2016-7998 | 1 Spip | 1 Spip | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. | |||||
| CVE-2017-0724 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36819262. | |||||