Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9945 | 1 Siemens | 2 7km Pac Switched Ethernet Profinet Expansion Module, 7km Pac Switched Ethernet Profinet Expansion Module Firmware | 2017-09-12 | 6.1 MEDIUM | 6.5 MEDIUM |
| In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover. | |||||
| CVE-2015-0234 | 1 Pki-core Project | 1 Pki-core | 2017-09-12 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple temporary file creation vulnerabilities in pki-core 10.2.0. | |||||
| CVE-2016-4462 | 1 Apache | 1 Ofbiz | 2017-09-12 | 6.5 MEDIUM | 8.8 HIGH |
| By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01 | |||||
| CVE-2016-1284 | 1 Isc | 1 Bind | 2017-09-09 | 2.6 LOW | 5.9 MEDIUM |
| rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query. | |||||
| CVE-2016-2525 | 1 Wireshark | 1 Wireshark | 2017-09-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. | |||||
| CVE-2012-6687 | 1 Fastcgi | 1 Fcgi | 2017-09-07 | 5.0 MEDIUM | N/A |
| FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections. | |||||
| CVE-2016-2524 | 1 Wireshark | 1 Wireshark | 2017-09-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2014-5472 | 1 Linux | 1 Linux Kernel | 2017-09-07 | 4.0 MEDIUM | N/A |
| The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. | |||||
| CVE-2014-6097 | 1 Ibm | 1 Db2 | 2017-09-07 | 4.0 MEDIUM | N/A |
| IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. | |||||
| CVE-2014-6105 | 1 Ibm | 1 Security Identity Manager | 2017-09-07 | 4.3 MEDIUM | N/A |
| IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2014-6135 | 1 Ibm | 2 Security Appscan, Security Appscan Source | 2017-09-07 | 4.3 MEDIUM | N/A |
| IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2014-6151 | 1 Ibm | 1 Tivoli Integrated Portal | 2017-09-07 | 3.5 LOW | N/A |
| CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2014-6159 | 1 Ibm | 1 Db2 | 2017-09-07 | 3.5 LOW | N/A |
| IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. | |||||
| CVE-2014-6197 | 1 Ibm | 5 Security Network Protection Xgs 3100, Security Network Protection Xgs 4100, Security Network Protection Xgs 5100 and 2 more | 2017-09-07 | 4.3 MEDIUM | N/A |
| IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and 5.3.x before 5.3.0.0 FP1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2014-7278 | 1 Zyxel | 2 Sbg3300-n, Sbg3300-n Firmware | 2017-09-07 | 5.0 MEDIUM | N/A |
| The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript code within unspecified "welcome message" form data that is improperly handled during use for the loginMsg variable's value, a different vulnerability than CVE-2014-7277. | |||||
| CVE-2014-7146 | 1 Mantisbt | 1 Mantisbt | 2017-09-07 | 7.5 HIGH | N/A |
| The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier. | |||||
| CVE-2014-7251 | 1 Yokogawa | 1 Fast\/tools | 2017-09-07 | 3.2 LOW | N/A |
| XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors. | |||||
| CVE-2014-7899 | 1 Google | 1 Chrome | 2017-09-07 | 5.0 MEDIUM | N/A |
| Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. | |||||
| CVE-2014-7989 | 1 Cisco | 8 B200 M3, B200 M4, B22 M3 and 5 more | 2017-09-07 | 6.8 MEDIUM | N/A |
| Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176. | |||||
| CVE-2014-7990 | 1 Cisco | 4 Air-ct5760, Ios Xe, Ws-c3850 and 1 more | 2017-09-07 | 6.8 MEDIUM | N/A |
| Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access by leveraging administrative privilege, aka Bug ID CSCur09815. | |||||