Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9052 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message. | |||||
| CVE-2015-3913 | 1 Huawei | 44 S12700, S12700 Firmware, S2300 and 41 more | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. | |||||
| CVE-2015-9048 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. | |||||
| CVE-2017-6719 | 1 Cisco | 1 Ios Xr | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. More Information: CSCvb99406. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.1.28i.BASE 6.2.1.22i.BASE 6.1.32.8i.BASE 6.1.31.3i.BASE 6.1.3.10i.BASE. | |||||
| CVE-2017-12784 | 1 Ccfile | 1 Cc File Transfer | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787. | |||||
| CVE-2017-12976 | 1 Git-annex Project | 1 Git-annex | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. | |||||
| CVE-2014-8119 | 3 Fedoraproject, Netcf Project, Redhat | 3 Fedora, Netcf, Enterprise Linux | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. | |||||
| CVE-2017-14335 | 1 Hbgk | 138 7204xr, 7204xr Firmware, 7208xr and 135 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. | |||||
| CVE-2017-3875 | 1 Cisco | 9 Nexus 7000 10-slot, Nexus 7000 18-slot, Nexus 7000 4-slot and 6 more | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypass defined traffic configured within an access control list (ACL) on the affected system. More Information: CSCtz59354. Known Affected Releases: 5.2(4) 6.1(3)S5 6.1(3)S6 6.2(1.121)S0 7.2(1)D1(1) 7.3(0)ZN(0.161) 7.3(1)N1(0.1). Known Fixed Releases: 7.3(0)D1(1) 6.2(2) 6.1(5) 8.3(0)KMT(0.24) 8.3(0)CV(0.337) 7.3(1)N1(1) 7.3(0)ZN(0.210) 7.3(0)ZN(0.177) 7.3(0)ZD(0.194) 7.3(0)TSH(0.99) 7.3(0)SC(0.14) 7.3(0)RSP(0.7) 7.3(0)N1(1) 7.3(0)N1(0.193) 7.3(0)IZN(0.13) 7.3(0)IB(0.102) 7.3(0)GLF(0.44) 7.3(0)D1(0.178) 7.1(0)D1(0.14) 7.0(3)ITI2(1.6) 7.0(3)ISH1(2.13) 7.0(3)IFD6(0.78) 7.0(3)IFD6(0) 7.0(3)IDE6(0.12) 7.0(3)IDE6(0) 7.0(3)I2(1) 7.0(3)I2(0.315) 7.0(1)ZD(0.3) 7.0(0)ZD(0.84) 6.2(1.149)S0 6.2(0.285) 6.1(5.32)S0 6.1(4.97)S0 6.1(2.30)S0. | |||||
| CVE-2017-3898 | 1 Mcafee | 1 Livesafe | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. | |||||
| CVE-2015-9044 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. | |||||
| CVE-2014-9805 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. | |||||
| CVE-2017-5217 | 1 Samsung | 1 Samsung Mobile | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. These classes will parse the APKs present in the /data/app directory and other directories, even if the app is not actually installed. The embedded APK that was written to the /data/app directory via the active install session has a very large but valid AndroidManifest.xml file. Specifically, the AndroidManifest.xml file contains a very large string value for the name of a permission-tree that it declares. When system_server tries to parse the APK file of the embedded app from the active install session, it will crash due to an uncaught error (i.e., java.lang.OutOfMemoryError) or an uncaught exception (i.e., std::bad_alloc) because of memory constraints. The Samsung Android device will encounter a soft reboot due to a system_server crash, and this action will keep repeating since parsing the APKs in the /data/app directory as performed by the system_server process is part of the normal boot process. The Samsung ID is SVE-2016-6917. | |||||
| CVE-2017-7408 | 1 Paloaltonetworks | 1 Traps | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. | |||||
| CVE-2017-17810 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments. | |||||
| CVE-2017-6735 | 1 Cisco | 1 Firesight System Software | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1. | |||||
| CVE-2017-2731 | 1 Huawei | 2 P9 Plus, P9 Plus Firmware | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone vibrator service interface to crash the system. | |||||
| CVE-2015-7855 | 4 Debian, Netapp, Ntp and 1 more | 11 Debian Linux, Clustered Data Ontap, Data Ontap and 8 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. | |||||
| CVE-2017-12145 | 1 Libquicktime | 1 Libquicktime | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2017-12287 | 1 Cisco | 3 Expressway, Telepresence Conductor, Telepresence Video Communication Server | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete input validation of URL requests by the REST API of the affected software. An attacker could exploit this vulnerability by sending a crafted URL to the REST API of the affected software on an affected system. A successful exploit could allow the attacker to cause the CDB process on the affected system to restart unexpectedly, resulting in a temporary DoS condition. Cisco Bug IDs: CSCve77571. | |||||