Total
10317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6795 | 1 Cisco | 10 Asr-920-10sz-pd, Asr-920-12cz-a, Asr-920-12sz-im and 7 more | 2025-04-20 | 4.7 MEDIUM | 4.4 MEDIUM |
| A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device. Cisco Bug IDs: CSCvf10783. | |||||
| CVE-2017-8934 | 1 Pcmanfm Project | 1 Pcmanfm | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). | |||||
| CVE-2015-3830 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names. | |||||
| CVE-2017-8994 | 1 Hp | 1 Operations Orchestration | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely. | |||||
| CVE-2017-9242 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | |||||
| CVE-2016-7467 | 1 F5 | 1 Big-ip Access Policy Manager | 2025-04-20 | 3.5 LOW | 5.3 MEDIUM |
| The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector. | |||||
| CVE-2016-10347 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. | |||||
| CVE-2017-0888 | 1 Nextcloud | 2 Nextcloud, Nextcloud Server | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information. | |||||
| CVE-2017-7609 | 1 Elfutils Project | 1 Elfutils | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | |||||
| CVE-2017-11102 | 1 Graphicsmagick | 1 Graphicsmagick | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. | |||||
| CVE-2017-5593 | 1 Psi-plus | 1 Psi\+ | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ (0.16.563.580 - 0.16.571.627). | |||||
| CVE-2017-11665 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. | |||||
| CVE-2017-14909 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated. | |||||
| CVE-2017-3800 | 1 Cisco | 1 Email Security Appliance | 2025-04-20 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz16076. Known Affected Releases: 9.7.1-066 9.7.1-HP2-207 9.8.5-085. Known Fixed Releases: 10.0.1-083 10.0.1-087. | |||||
| CVE-2016-8758 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart). | |||||
| CVE-2017-6078 | 1 Faststone | 1 Maxview | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section. | |||||
| CVE-2017-3098 | 1 Adobe | 1 Captivate | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server. | |||||
| CVE-2017-7235 | 1 Cloudflare-scrape Project | 1 Cloudflare-scrape | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0. | |||||
| CVE-2016-4841 | 1 Cybozu | 1 Mailwise | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. | |||||
| CVE-2015-3215 | 1 Redhat | 1 Virtio-win | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options. | |||||