Total
10125 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7672 | 1 Apache | 1 Struts | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12. | |||||
| CVE-2017-2731 | 1 Huawei | 2 P9 Plus, P9 Plus Firmware | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone vibrator service interface to crash the system. | |||||
| CVE-2016-8437 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695. | |||||
| CVE-2017-11863 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874. | |||||
| CVE-2017-1000039 | 1 Framasoft | 1 Framadate | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution | |||||
| CVE-2016-8273 | 1 Huawei | 1 Hisuite | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
| Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC. | |||||
| CVE-2017-10610 | 1 Juniper | 2 Junos, Srx Series | 2025-04-20 | 4.3 MEDIUM | 7.5 HIGH |
| On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. Repeated crashes of the flowd process constitutes an extended denial of service condition for the SRX Series device. This issue only occurs if NAT64 is configured. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D71, 12.3X48 prior to 12.3X48-D55, 15.1X49 prior to 15.1X49-D100 on SRX Series. No other Juniper Networks products or platforms are affected by this issue. | |||||
| CVE-2017-0724 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36819262. | |||||
| CVE-2017-3241 | 1 Oracle | 3 Jdk, Jre, Jrockit | 2025-04-20 | 6.8 MEDIUM | 9.0 CRITICAL |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). | |||||
| CVE-2017-7456 | 1 Moxa | 1 Mxview | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials. | |||||
| CVE-2017-16951 | 1 Audiovalley | 1 Winamp Pro | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file. | |||||
| CVE-2017-10953 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the gotoURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5030. | |||||
| CVE-2016-10387 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. | |||||
| CVE-2017-0475 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31914369. | |||||
| CVE-2017-1001003 | 1 Mathjs Project | 1 Mathjs | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object. | |||||
| CVE-2017-4997 | 1 Dell | 1 Emc Vasa Provider Virtual Appliance | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-7235 | 1 Cloudflare-scrape Project | 1 Cloudflare-scrape | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0. | |||||
| CVE-2015-5195 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. | |||||
| CVE-2017-6759 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304. | |||||
| CVE-2015-4556 | 1 Call-cc | 1 Chicken | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash). | |||||