Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9907 | 1 Imagemagick | 1 Imagemagick | 2017-05-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file. | |||||
| CVE-2017-2100 | 1 Ipa | 1 Appgoat | 2017-05-05 | 6.8 MEDIUM | 6.3 MEDIUM |
| Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. | |||||
| CVE-2016-9693 | 1 Ibm | 2 Business Process Manager, Websphere | 2017-05-01 | 6.8 MEDIUM | 6.1 MEDIUM |
| IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim's machine. IBM Reference #: 1998655. | |||||
| CVE-2014-2522 | 2 Haxx, Microsoft | 3 Curl, Libcurl, Windows | 2017-04-28 | 4.0 MEDIUM | N/A |
| curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | |||||
| CVE-2016-4841 | 1 Cybozu | 1 Mailwise | 2017-04-27 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. | |||||
| CVE-2016-4862 | 1 Cs-cart | 1 Cs-cart | 2017-04-26 | 6.5 MEDIUM | 8.8 HIGH |
| Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | |||||
| CVE-2017-7979 | 1 Linux | 1 Linux Kernel | 2017-04-25 | 7.2 HIGH | 7.8 HIGH |
| The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org. | |||||
| CVE-2017-7892 | 1 Capnproto | 1 Capnproto | 2017-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message. | |||||
| CVE-2017-1161 | 1 Ibm | 1 Api Connect | 2017-04-25 | 7.5 HIGH | 7.3 HIGH |
| IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the www-data user. IBM X-Force ID: 122956. | |||||
| CVE-2016-2567 | 1 Samsung | 4 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S6 and 1 more | 2017-04-25 | 2.1 LOW | 3.3 LOW |
| secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL. | |||||
| CVE-2015-7740 | 1 Huawei | 4 P7, P7 Firmware, P8 Ale-ul00 and 1 more | 2017-04-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. | |||||
| CVE-2016-9278 | 1 Samsung | 1 Exynos Fimg2d Driver | 2017-04-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE-2016-6736. | |||||
| CVE-2017-7283 | 1 Unitrends | 1 Enterprise Backup | 2017-04-24 | 9.0 HIGH | 8.8 HIGH |
| An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php. | |||||
| CVE-2010-1821 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-04-20 | 7.2 HIGH | 7.8 HIGH |
| Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. | |||||
| CVE-2017-2989 | 1 Adobe | 1 Campaign | 2017-04-20 | 7.5 HIGH | 9.1 CRITICAL |
| Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database. | |||||
| CVE-2017-7280 | 1 Unitrends | 1 Enterprise Backup | 2017-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable. | |||||
| CVE-2016-4899 | 1 Novastor | 1 Novabackup Datacenter | 2017-04-19 | 10.0 HIGH | 9.8 CRITICAL |
| The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. | |||||
| CVE-2016-4898 | 1 Novastor | 1 Novabackup Datacenter | 2017-04-19 | 10.0 HIGH | 9.8 CRITICAL |
| The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. | |||||
| CVE-2017-0179 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2017-04-18 | 6.3 MEDIUM | 5.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | |||||
| CVE-2017-0183 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2008 and 2 more | 2017-04-18 | 6.3 MEDIUM | 5.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | |||||