Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0499 | 1 Google | 1 Android | 2017-07-17 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713. | |||||
| CVE-2017-0488 | 1 Google | 1 Android | 2017-07-17 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097213. | |||||
| CVE-2017-0484 | 1 Google | 1 Android | 2017-07-17 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33298089. | |||||
| CVE-2017-4897 | 1 Vmware | 1 Horizon Daas | 2017-07-17 | 7.1 HIGH | 5.5 MEDIUM |
| VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link. | |||||
| CVE-2017-6727 | 1 Cisco | 1 Wide Area Application Services | 2017-07-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22). | |||||
| CVE-2017-8611 | 1 Microsoft | 2 Edge, Windows 10 | 2017-07-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." | |||||
| CVE-2017-8602 | 1 Microsoft | 8 Edge, Internet Explorer, Windows 10 and 5 more | 2017-07-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability." | |||||
| CVE-2017-11098 | 1 Swftools | 1 Swftools | 2017-07-13 | 6.8 MEDIUM | 8.8 HIGH |
| When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c. | |||||
| CVE-2017-11099 | 1 Swftools | 1 Swftools | 2017-07-13 | 6.8 MEDIUM | 8.8 HIGH |
| When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c. | |||||
| CVE-2017-6735 | 1 Cisco | 1 Firesight System Software | 2017-07-13 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1. | |||||
| CVE-2017-2414 | 1 Apple | 1 Iphone Os | 2017-07-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address. | |||||
| CVE-2017-0033 | 1 Microsoft | 2 Edge, Internet Explorer | 2017-07-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069. | |||||
| CVE-2016-7467 | 1 F5 | 1 Big-ip Access Policy Manager | 2017-07-11 | 3.5 LOW | 5.3 MEDIUM |
| The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector. | |||||
| CVE-2017-2434 | 1 Apple | 1 Iphone Os | 2017-07-11 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center. | |||||
| CVE-2017-0012 | 1 Microsoft | 2 Edge, Internet Explorer | 2017-07-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069. | |||||
| CVE-2017-2378 | 1 Apple | 2 Iphone Os, Safari | 2017-07-11 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves bookmark creation in the "WebKit" component. It allows remote attackers to execute arbitrary code or spoof a bookmark by leveraging mishandling of links during drag-and-drop actions. | |||||
| CVE-2017-2410 | 1 Apple | 1 Mac Os X | 2017-07-11 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2017-3858 | 1 Cisco | 1 Ios Xe | 2017-07-11 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected web page parameter. The user must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects Cisco devices running Cisco IOS XE Software Release 16.2.1, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration interface was introduced in the Denali 16.2 Release of Cisco IOS XE Software. The web-based administration interface in earlier releases of Cisco IOS XE Software is not affected by this vulnerability. Cisco Bug IDs: CSCuy83069. | |||||
| CVE-2017-0007 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2017-07-11 | 2.1 LOW | 5.5 MEDIUM |
| Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability." | |||||
| CVE-2017-6974 | 1 Apple | 1 Mac Os X | 2017-07-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app. | |||||