Total
10399 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3818 | 1 Cisco | 1 Email Security Appliance Firmware | 2025-04-20 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092. | |||||
| CVE-2015-7692 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2017-6463 | 1 Ntp | 1 Ntp | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. | |||||
| CVE-2017-12426 | 1 Gitlab | 1 Gitlab | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. | |||||
| CVE-2017-9272 | 1 Microfocus | 2 Bi-directional Driver, Identity Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack. | |||||
| CVE-2016-9830 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. | |||||
| CVE-2016-8738 | 1 Apache | 1 Struts | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | |||||
| CVE-2017-0689 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950. | |||||
| CVE-2017-11407 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. | |||||
| CVE-2017-7262 | 1 Amd | 1 Ryzen | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite. | |||||
| CVE-2017-7692 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting. | |||||
| CVE-2017-9034 | 1 Trendmicro | 1 Serverprotect | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates. | |||||
| CVE-2017-7126 | 1 Apple | 1 Mac Os X | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party "file" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2016-9692 | 1 Ibm | 1 Websphere Cast Iron Solution | 2025-04-20 | 7.8 HIGH | 8.6 HIGH |
| IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516. | |||||
| CVE-2017-14617 | 1 Freedesktop | 1 Poppler | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. | |||||
| CVE-2017-11112 | 1 Gnu | 1 Ncurses | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. | |||||
| CVE-2016-9719 | 1 Ibm | 1 Infosphere Master Data Management Server | 2025-04-20 | 3.5 LOW | 5.7 MEDIUM |
| IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733. | |||||
| CVE-2017-9982 | 1 Teamspeak | 1 Teamspeak Client | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the ᗪ Unicode character followed by the ༿ Unicode character. | |||||
| CVE-2017-10868 | 1 Dena | 1 H2o | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header. | |||||
| CVE-2017-10674 | 1 Antiy | 1 Antivirus Engine | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call. | |||||