Total
250879 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-2580 | 1 Oracle | 1 Applications Dba | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: ADPatch). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). | |||||
CVE-2016-5864 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access. | |||||
CVE-2016-5868 | 1 Google | 1 Android | 2023-12-10 | 7.6 HIGH | 7.0 HIGH |
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. | |||||
CVE-2017-16999 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2017-14646 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. | |||||
CVE-2017-15245 | 1 Irfanview | 2 Irfanview, Pdf | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlGetGlobalState+0x0000000000057b76." | |||||
CVE-2015-4085 | 1 Etherpad | 1 Etherpad | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1. | |||||
CVE-2017-13736 | 1 Graphicsmagick | 1 Graphicsmagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | |||||
CVE-2017-8711 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-12-10 | 1.9 LOW | 5.3 MEDIUM |
The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713. | |||||
CVE-2017-6684 | 1 Cisco | 1 Elastic Services Controller | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0. | |||||
CVE-2016-10364 | 1 Elastic | 1 Kibana | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions. | |||||
CVE-2017-17797 | 1 Ikarussecurity | 1 Anti.virus | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000058. | |||||
CVE-2017-9415 | 1 Subsonic | 1 Subsonic | 2023-12-10 | 5.1 MEDIUM | 7.5 HIGH |
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view. | |||||
CVE-2017-17901 | 1 Zyxel | 2 P-660hw, P-660hw Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | |||||
CVE-2017-7557 | 1 Powerdns | 1 Dnsdist | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack. | |||||
CVE-2017-15559 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none | |||||
CVE-2017-11325 | 1 Tilde Cms Project | 1 Tilde Cms | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php. | |||||
CVE-2017-17577 | 1 Trademe Clone Project | 1 Trademe Clone | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. | |||||
CVE-2017-13180 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969349. | |||||
CVE-2015-7544 | 1 Redhat | 1 Enterprise Virtualization Manager | 2023-12-10 | 9.0 HIGH | 9.1 CRITICAL |
redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment. |