Total
10229 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3254 | 1 Apache | 1 Thrift | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. | |||||
| CVE-2017-11936 | 1 Microsoft | 1 Sharepoint Enterprise Server | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". | |||||
| CVE-2017-9354 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. | |||||
| CVE-2017-3733 | 2 Hp, Openssl | 2 Operations Agent, Openssl | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. | |||||
| CVE-2017-1555 | 1 Ibm | 1 Api Connect | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. | |||||
| CVE-2017-6656 | 1 Cisco | 1 Ip Phone 8800 Series | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting. All active phone calls are dropped as the SIP process restarts. More Information: CSCvc29353. Known Affected Releases: 11.0(0.1). Known Fixed Releases: 11.0(0)MP2.153 11.0(0)MP2.62. | |||||
| CVE-2009-1197 | 1 Apache | 1 Juddi | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp. | |||||
| CVE-2017-9043 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file. | |||||
| CVE-2017-0269 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280. | |||||
| CVE-2017-9801 | 1 Apache | 1 Commons Email | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers. | |||||
| CVE-2017-7428 | 1 Netiq | 1 Imanager | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. | |||||
| CVE-2017-14964 | 1 Ikarussecurity | 1 Anti.virus | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c. | |||||
| CVE-2017-12939 | 2 Microsoft, Unity3d | 2 Windows, Unity Editor | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. | |||||
| CVE-2017-7672 | 1 Apache | 1 Struts | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12. | |||||
| CVE-2017-2731 | 1 Huawei | 2 P9 Plus, P9 Plus Firmware | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| The vibrator service in P9 Plus smart phones with software versions earlier before VIE-AL10C00B386 has DoS vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to smart phone vibrator service interface to crash the system. | |||||
| CVE-2016-8437 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695. | |||||
| CVE-2017-11863 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874. | |||||
| CVE-2017-1000039 | 1 Framasoft | 1 Framadate | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution | |||||
| CVE-2016-8273 | 1 Huawei | 1 Hisuite | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
| Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC. | |||||
| CVE-2017-10610 | 1 Juniper | 2 Junos, Srx Series | 2025-04-20 | 4.3 MEDIUM | 7.5 HIGH |
| On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. Repeated crashes of the flowd process constitutes an extended denial of service condition for the SRX Series device. This issue only occurs if NAT64 is configured. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D71, 12.3X48 prior to 12.3X48-D55, 15.1X49 prior to 15.1X49-D100 on SRX Series. No other Juniper Networks products or platforms are affected by this issue. | |||||