Total: 250094 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5867 | 1 Google | 1 Android | 2023-12-10 | 7.6 HIGH | 7.0 HIGH |
In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. | |||||
CVE-2014-9927 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | |||||
CVE-2017-6661 | 1 Cisco | 2 Content Security Management Appliance, Email Security Appliance | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049. | |||||
CVE-2017-15328 | 1 Huawei | 2 Hg8245h, Hg8245h Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Huawei HG8245H versions earlier than V300R018C00SPC110 have an authentication bypass vulnerability. An attacker can access a specific URL of the affected product. Due to improper verification of the privilege, successful exploitation may cause an information leak. | |||||
CVE-2017-13134 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. | |||||
CVE-2017-11526 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file. | |||||
CVE-2017-7007 | 1 Apple | 1 Iphone Os | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash). | |||||
CVE-2018-5656 | 1 Weblizar | 1 Pinterest-feeds | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php. | |||||
CVE-2017-9496 | 2 Cisco, Motorola | 2 Mx011anm Firmware, Mx011anm | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to access an SNMP server by connecting a cable to the Ethernet port, and then establishing communication with the device's link-local IPv6 address. | |||||
CVE-2017-9888 | 1 Irfanview | 2 Fpx, Irfanview | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000031a0." | |||||
CVE-2010-3845 | 1 Apache Authenhook Project | 1 Apache Authenhook | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log. | |||||
CVE-2017-15601 | 1 Gnu | 1 Libextractor | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. | |||||
CVE-2017-11810 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2023-12-10 | 7.6 HIGH | 7.5 HIGH |
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | |||||
CVE-2017-10925 | 1 Irfanview | 2 Fpx, Irfanview | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b3ae." | |||||
CVE-2017-6775 | 1 Cisco | 1 Asr 5000 Software | 2023-12-10 | 4.6 MEDIUM | 5.7 MEDIUM |
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839. | |||||
CVE-2017-1000499 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user into clicking a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc. | |||||
CVE-2017-9416 | 1 Odoo | 1 Odoo | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. | |||||
CVE-2017-15763 | 1 Irfanview | 2 Babacad4image, Irfanview | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001eca0." | |||||
CVE-2017-15631 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file. | |||||
CVE-2015-6237 | 1 Tripwire | 1 Ip360 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands." |