Total: 9170 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-6581 | 1 Vernet Loic | 1 Php Debug | 2017-07-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter. | |||||
CVE-2006-7113 | 1 Planerd.net | 1 P-news | 2017-07-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-7171 | 1 Koan Software | 1 Mega Mall | 2017-07-28 | 5.0 MEDIUM | N/A |
product_review.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x[] parameter. | |||||
CVE-2001-1584 | 1 Michael Barretto | 1 Cardboard | 2017-07-28 | 7.5 HIGH | N/A |
CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field. | |||||
CVE-2007-0102 | 1 Apple | 1 Preview | 2017-07-28 | 6.8 MEDIUM | N/A |
The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | |||||
CVE-2007-0103 | 1 Adobe | 1 Acrobat Reader | 2017-07-28 | 6.8 MEDIUM | N/A |
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | |||||
CVE-2003-1350 | 1 List Site Pro | 1 List Site Pro | 2017-07-28 | 4.3 MEDIUM | N/A |
List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field. | |||||
CVE-2017-11555 | 1 Libsass | 1 Libsass | 2017-07-28 | 5.0 MEDIUM | 7.5 HIGH |
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. | |||||
CVE-2017-11553 | 1 Exiv2 | 1 Exiv2 | 2017-07-28 | 5.0 MEDIUM | 7.5 HIGH |
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. | |||||
CVE-2016-6450 | 1 Cisco | 1 Ios Xe | 2017-07-27 | 1.9 LOW | 2.5 LOW |
A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29). | |||||
CVE-2016-6462 | 1 Cisco | 1 Email Security Appliance Firmware | 2017-07-27 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCva13456. Known Affected Releases: 10.0.0-082 10.0.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131. | |||||
CVE-2016-1248 | 2 Debian, Vim | 2 Debian Linux, Vim | 2017-07-27 | 6.8 MEDIUM | 7.8 HIGH |
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. | |||||
CVE-2016-7795 | 2 Canonical, Systemd Project | 2 Ubuntu Linux, Systemd | 2017-07-27 | 4.9 MEDIUM | 5.5 MEDIUM |
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. | |||||
CVE-2016-7796 | 3 Novell, Redhat, Systemd Project | 9 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Server For Sap and 6 more | 2017-07-27 | 4.9 MEDIUM | 5.5 MEDIUM |
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled. | |||||
CVE-2016-9375 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2017-07-27 | 4.3 MEDIUM | 5.9 MEDIUM |
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. | |||||
CVE-2016-9372 | 1 Wireshark | 1 Wireshark | 2017-07-27 | 4.3 MEDIUM | 5.9 MEDIUM |
In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects. | |||||
CVE-2016-7665 | 1 Apple | 1 Iphone Os | 2017-07-26 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Graphics Driver" component, which allows remote attackers to cause a denial of service via a crafted video. | |||||
CVE-2016-4690 | 1 Apple | 1 Iphone Os | 2017-07-26 | 4.6 MEDIUM | 6.8 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Image Capture" component, which allows attackers to execute arbitrary code via a crafted USB HID device. | |||||
CVE-2016-8106 | 3 Hp, Intel, Lenovo | 60 Ethernet 10gb 2-port 562flr-sfp\+, Ethernet 10gb 2-port 562sfp\+, Ethernet 10gb 4-port 563sfp\+ and 57 more | 2017-07-26 | 4.3 MEDIUM | 5.9 MEDIUM |
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. | |||||
CVE-2016-9247 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2017-07-26 | 4.3 MEDIUM | 5.9 MEDIUM |
Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart. |