Total
11506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12274 | 1 Cisco | 11 Aironet 1562 Firmware, Aironet 1562d, Aironet 1562e and 8 more | 2025-04-20 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of the EAP frame. An attacker could exploit this vulnerability by sending a malformed EAP frame to the targeted device. A successful exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. It may be necessary to manually power cycle the device in order for it to recover. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve18935. | |||||
| CVE-2017-17801 | 1 Tgsoft | 1 Vir.it Explorer | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E060. | |||||
| CVE-2015-0853 | 1 Pysvn Project | 1 Svn-workbench | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). | |||||
| CVE-2015-5179 | 1 Freeipa | 1 Freeipa | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| FreeIPA might display user data improperly via vectors involving non-printable characters. | |||||
| CVE-2017-13709 | 1 Flightgear | 1 Flightgear | 2025-04-20 | 6.4 MEDIUM | 7.5 HIGH |
| In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. | |||||
| CVE-2017-7597 | 1 Libtiff | 1 Libtiff | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-6759 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304. | |||||
| CVE-2017-12286 | 1 Cisco | 2 Jabber, Webex Meeting Center | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vulnerability by authenticating locally to an affected system and then issuing specific commands to the affected software. A successful exploit could allow the attacker to view all profile information for a user instead of only certain Jabber parameters that should be visible. This vulnerability affects all releases of Cisco Jabber prior to Release 1.9.31. Cisco Bug IDs: CSCve52418. | |||||
| CVE-2016-6087 | 1 Ibm | 1 Domino | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. | |||||
| CVE-2016-1547 | 1 Ntp | 1 Ntp | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. | |||||
| CVE-2017-6436 | 1 Libplist Project | 1 Libplist | 2025-04-20 | 1.9 LOW | 5.0 MEDIUM |
| The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file. | |||||
| CVE-2017-17803 | 1 Tgsoft | 1 Vir.it Explorer | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82736068, a different vulnerability than CVE-2017-17475. | |||||
| CVE-2017-0675 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227. | |||||
| CVE-2017-8814 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk." | |||||
| CVE-2017-0171 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability". | |||||
| CVE-2017-1428 | 1 Ibm | 1 Cognos Analytics | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583. | |||||
| CVE-2017-2347 | 1 Juniper | 1 Junos | 2025-04-20 | 5.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured. Repeated crashes of the rpd daemon can result in an extended denial of service condition for the device. The affected releases are Junos OS 12.3X48 prior to 12.3X48-D50, 12.3X48-D55; 13.3 prior to 13.3R10; 14.1 prior to 14.1R4-S13, 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D42, 14.1X53-D50; 14.2 prior to 14.2R4-S8, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F5-S7, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5-S1, 15.1R6; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D105, 15.1X53-D47, 15.1X53-D62, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4. No other Juniper Networks products or platforms are affected by this issue. | |||||
| CVE-2017-10918 | 1 Xen | 1 Xen | 2025-04-20 | 10.0 HIGH | 10.0 CRITICAL |
| Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222. | |||||
| CVE-2017-12367 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | 6.8 MEDIUM | 9.6 CRITICAL |
| A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve11545, CSCve02843, CSCve11548. | |||||
| CVE-2017-0007 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability." | |||||