Total: 11381 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-8129 | 1 Huawei | 1 Uma | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | |||||
CVE-2017-7346 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. | |||||
CVE-2016-2516 | 1 Ntp | 1 Ntp | 2025-04-20 | 7.1 HIGH | 5.3 MEDIUM |
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. | |||||
CVE-2014-0072 | 1 Apache | 2 Cordova, Cordova File Transfer | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option. | |||||
CVE-2016-7407 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. | |||||
CVE-2017-14087 | 1 Trendmicro | 1 Officescan | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. | |||||
CVE-2017-6727 | 1 Cisco | 1 Wide Area Application Services | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22). | |||||
CVE-2017-14182 | 1 Fortinet | 1 Fortios | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the 'params' parameter of the JSON web API. | |||||
CVE-2017-11673 | 1 Acunetix | 1 Web Vulnerability Scanner | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at reporter!madTraceProcess." | |||||
CVE-2016-9379 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-20 | 4.6 MEDIUM | 7.9 HIGH |
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | |||||
CVE-2017-2378 | 1 Apple | 2 Iphone Os, Safari | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions. | |||||
CVE-2017-3822 | 1 Cisco | 1 Firepower Threat Defense | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the following vulnerable products that have enabled FDM: ASA5506-X ASA5506W-X ASA5506H-X ASA5508-X ASA5516-X ASA5512-X ASA5515-X ASA5525-X ASA5545-X ASA5555-X. More Information: CSCvb86860. Known Affected Releases: FRANGELICO. Known Fixed Releases: 6.2.0. | |||||
CVE-2017-12244 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly. The vulnerability is due to improper input validation of the fields in the IPv6 extension header packet. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability is specific to IPv6 traffic only. This vulnerability affects Cisco Firepower System Software Releases 6.0 and later when the software has one or more file action policies configured and is running on any of the following Cisco products: 3000 Series Industrial Security Appliances (ISR), Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, Firepower Threat Defense for Integrated Services Routers (ISRs), Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Cisco Bug IDs: CSCvd34776. | |||||
CVE-2009-1197 | 1 Apache | 1 Juddi | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp. | |||||
CVE-2017-12250 | 1 Cisco | 1 Wide Area Application Services | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the attacker to cause a DoS condition due to a process unexpectedly restarting. The WAAS could drop traffic during the brief time the process is restarting. Cisco Bug IDs: CSCvc63048. | |||||
CVE-2017-12217 | 1 Cisco | 2 Asr 5500, Asr 5500 Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation of GPRS Tunneling Protocol packet headers. An attacker could exploit this vulnerability by sending a malformed GPRS Tunneling Protocol packet to an affected device. A successful exploit could allow the attacker to cause the GTPUMGR process on an affected device to restart unexpectedly, resulting in a partial DoS condition. If the GTPUMGR process restarts, there could be a brief impact on traffic passing through the device. Cisco Bug IDs: CSCve07119. | |||||
CVE-2017-15324 | 1 Huawei | 4 S5700, S5700 Firmware, S6700 and 1 more | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart. | |||||
CVE-2017-9778 | 1 Gnu | 1 Gdb | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. | |||||
CVE-2017-1000201 | 1 Tcmu-runner Project | 1 Tcmu-runner | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack. | |||||
CVE-2017-11183 | 1 Glpi-project | 1 Glpi | 2025-04-20 | 5.5 MEDIUM | 4.9 MEDIUM |
front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. |