Vulnerabilities (CVE)

Filtered by CWE-20
Total 10520 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9962 1 Google 1 Android 2025-04-20 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command.
CVE-2017-1519 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829.
CVE-2017-5185 1 Microfocus 1 Sentinel 2025-04-20 5.0 MEDIUM 7.5 HIGH
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.
CVE-2015-4035 2 Redhat, Tukaani 2 Enterprise Linux, Xz 2025-04-20 4.6 MEDIUM 7.8 HIGH
scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.
CVE-2017-6751 1 Cisco 2 Web Security Appliance, Web Security Virtual Appliance 2025-04-20 5.0 MEDIUM 7.5 HIGH
A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485.
CVE-2016-5218 1 Google 1 Chrome 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data.
CVE-2015-3419 1 Vbulletin 1 Vbulletin 2025-04-20 4.0 MEDIUM 6.5 MEDIUM
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.
CVE-2017-11613 1 Libtiff 1 Libtiff 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.
CVE-2017-0273 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280.
CVE-2017-6254 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2025-04-20 7.2 HIGH 7.8 HIGH
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from an user to the driver is used without validation which may lead to denial of service or potential escalation of privileges.
CVE-2017-6367 1 Cerberusftp 1 Ftp Server 2025-04-20 5.0 MEDIUM 7.5 HIGH
In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.
CVE-2017-9788 6 Apache, Apple, Debian and 3 more 16 Http Server, Mac Os X, Debian Linux and 13 more 2025-04-20 6.4 MEDIUM 9.1 CRITICAL
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
CVE-2017-8128 1 Huawei 1 Uma 2025-04-20 7.5 HIGH 9.8 CRITICAL
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
CVE-2015-5209 1 Apache 1 Struts 2025-04-20 5.0 MEDIUM 7.5 HIGH
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
CVE-2017-5226 1 Projectatomic 1 Bubblewrap 2025-04-20 7.5 HIGH 10.0 CRITICAL
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
CVE-2017-2378 1 Apple 2 Iphone Os, Safari 2025-04-20 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions.
CVE-2017-7085 1 Apple 2 Iphone Os, Safari 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar.
CVE-2016-6266 1 Trendmicro 1 Smart Protection Server 2025-04-20 6.5 MEDIUM 8.8 HIGH
ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action.
CVE-2017-5603 1 Jitsi 1 Jitsi 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544.
CVE-2017-2540 1 Apple 1 Mac Os X 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.