Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7596 | 1 Libtiff | 1 Libtiff | 2018-03-21 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-7600 | 1 Libtiff | 1 Libtiff | 2018-03-21 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-7592 | 1 Libtiff | 1 Libtiff | 2018-03-21 | 6.8 MEDIUM | 7.8 HIGH |
| The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-7597 | 1 Libtiff | 1 Libtiff | 2018-03-21 | 6.8 MEDIUM | 7.8 HIGH |
| tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-7601 | 1 Libtiff | 1 Libtiff | 2018-03-21 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-5660 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2018-03-21 | 5.0 MEDIUM | 8.6 HIGH |
| There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used. | |||||
| CVE-2011-3477 | 1 Symantec | 4 Backup Exec System Recovery, Norton 360, Norton Ghost and 1 more | 2018-03-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors. | |||||
| CVE-2018-5763 | 1 Oxid-esales | 1 Eshop | 2018-03-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 and 6.x before 6.0.1. By entering specially crafted URLs, an attacker is able to bring the shop server to a standstill and hence, it stops working. This is only valid if OXID High Performance Option is activated and Varnish is used. | |||||
| CVE-2014-3206 | 1 Seagate | 4 Blackarmor Nas 110, Blackarmor Nas 110 Firmware, Blackarmor Nas 220 and 1 more | 2018-03-19 | 10.0 HIGH | 9.8 CRITICAL |
| Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. | |||||
| CVE-2015-2081 | 1 Datto | 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more | 2018-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts. | |||||
| CVE-2017-16813 | 1 Foxitsoftware | 1 Mobilepdf | 2018-03-16 | 2.9 LOW | 5.5 MEDIUM |
| A denial-of-service issue was discovered in the Foxit MobilePDF app before 6.1 for iOS. This occurs when a user uploads a file that includes a hexadecimal Unicode character in the "filename" parameter via Wi-Fi, since the app could fail to parse this. | |||||
| CVE-2017-18200 | 1 Linux | 1 Linux Kernel | 2018-03-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim. | |||||
| CVE-2016-2569 | 1 Squid-cache | 1 Squid | 2018-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. | |||||
| CVE-2017-14489 | 1 Linux | 1 Linux Kernel | 2018-03-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. | |||||
| CVE-2016-2570 | 1 Squid-cache | 1 Squid | 2018-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. | |||||
| CVE-2016-2571 | 1 Squid-cache | 1 Squid | 2018-03-15 | 5.0 MEDIUM | 7.5 HIGH |
| http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | |||||
| CVE-2017-18088 | 1 Atlassian | 1 Bitbucket | 2018-03-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection. | |||||
| CVE-2017-8969 | 1 Hp | 1 Insight Control | 2018-03-15 | 3.5 LOW | 5.7 MEDIUM |
| An improper input validation vulnerability in HPE Insight Control version 7.6 LR1 was found. | |||||
| CVE-2018-5767 | 1 Tendacn | 2 Ac15, Ac15 Firmware | 2018-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. | |||||
| CVE-2015-5674 | 1 Freebsd | 1 Freebsd | 2018-03-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected. | |||||