Total
11373 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4927 | 1 Juniper | 1 Junos Space | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. | |||||
| CVE-2017-5604 | 1 Mcabber | 1 Mcabber | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4. | |||||
| CVE-2017-9938 | 1 Siemens | 1 Simatic Logon | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically. | |||||
| CVE-2017-13061 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. | |||||
| CVE-2016-7580 | 1 Apple | 1 Mac Os X | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL. | |||||
| CVE-2017-14231 | 1 Genixcms | 1 Genixcms | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php. | |||||
| CVE-2015-5186 | 1 Linux Audit Project | 1 Linux Audit | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Audit before 2.4.4 in Linux does not sanitize escape characters in filenames. | |||||
| CVE-2016-4329 | 1 Kaspersky | 3 Anti-virus, Internet Security, Total Security | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism. | |||||
| CVE-2017-6498 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. | |||||
| CVE-2017-5590 | 2 Chatsecure, Zom | 2 Chatsecure, Zom | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for ChatSecure (3.2.0 - 4.0.0; only iOS) and Zom (all versions up to 1.0.11; only iOS). | |||||
| CVE-2016-4793 | 1 Cakephp | 1 Cakephp | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header. | |||||
| CVE-2017-14944 | 1 Inedo | 1 Proget | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | |||||
| CVE-2017-8664 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
| Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability". | |||||
| CVE-2016-10243 | 3 Debian, Fedoraproject, Tug | 3 Debian Linux, Fedora, Tex Live | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | |||||
| CVE-2017-1460 | 1 Ibm | 1 I | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379. | |||||
| CVE-2017-12218 | 1 Cisco | 1 Asyncos | 2025-04-20 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The vulnerability is due to the failure of AMP to scan certain EML attachments that could contain malware. An attacker could exploit this vulnerability by sending an email with a crafted EML attachment through the targeted device. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering and allow the malware to be delivered to the end user. Vulnerable Products: This vulnerability affects Cisco AsyncOS Software for Cisco ESA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA. Cisco Bug IDs: CSCuz81533. | |||||
| CVE-2017-9353 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. | |||||
| CVE-2017-1210 | 1 Ibm | 1 Daeja Viewone | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850. | |||||
| CVE-2017-11495 | 1 Phicomm | 2 K2\(psg1218\), K2\(psg1218\)-firmware | 2025-04-20 | 9.0 HIGH | 9.8 CRITICAL |
| PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action. | |||||
| CVE-2017-8019 | 1 Emc | 1 Scaleio | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation. | |||||