Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3014 | 1 Microsoft | 1 Excel | 2018-10-12 | 5.1 MEDIUM | N/A |
| Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet. | |||||
| CVE-2018-15358 | 1 Eltex | 2 Esp-200, Esp-200 Firmware | 2018-10-12 | 6.5 MEDIUM | 8.8 HIGH |
| An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0. | |||||
| CVE-2018-8316 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2018-10-12 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. | |||||
| CVE-2017-17312 | 1 Huawei | 8 Usg2205bsr, Usg2205bsr Firmware, Usg2220bsr and 5 more | 2018-10-12 | 7.8 HIGH | 7.5 HIGH |
| Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service. | |||||
| CVE-2017-17311 | 1 Huawei | 8 Usg2205bsr, Usg2205bsr Firmware, Usg2220bsr and 5 more | 2018-10-12 | 7.8 HIGH | 7.5 HIGH |
| Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted packets to the affected device to exploit these vulnerabilities. Successful exploit the vulnerability could lead to device deny of service. | |||||
| CVE-2016-9606 | 1 Redhat | 1 Resteasy | 2018-10-12 | 6.8 MEDIUM | 8.1 HIGH |
| JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions. | |||||
| CVE-2009-0396 | 1 Sony Ericsson | 9 K530i, K610i, K618i and 6 more | 2018-10-11 | 7.8 HIGH | N/A |
| The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W880i, and K530i phones allow remote attackers to cause a denial of service (device reboot or hang-up) via a malformed WAP Push packet to (1) SMS or (2) UDP port 2948. | |||||
| CVE-2009-0311 | 1 Emc | 1 Autostart | 2018-10-11 | 10.0 HIGH | N/A |
| The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer. | |||||
| CVE-2009-0478 | 1 Squid | 1 Squid | 2018-10-11 | 5.0 MEDIUM | N/A |
| Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c. | |||||
| CVE-2009-0164 | 1 Apple | 1 Cups | 2018-10-11 | 6.4 MEDIUM | N/A |
| The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks. | |||||
| CVE-2009-0050 | 1 Entrouvert | 1 Lasso | 2018-10-11 | 4.3 MEDIUM | N/A |
| Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2009-0120 | 1 Ibm | 1 Websphere Datapower Xml Security Gateway Xs40 | 2018-10-11 | 7.8 HIGH | N/A |
| The IBM WebSphere DataPower XML Security Gateway XS40 with firmware 3.6.1.5 allows remote attackers to cause a denial of service (device reboot) by sending data over an established SSL connection, as demonstrated by the abc\r\n\r\n string data. | |||||
| CVE-2008-7269 | 1 Boka | 1 Siteengine | 2018-10-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action. | |||||
| CVE-2008-7185 | 1 Gnome | 1 Rhythmbox | 2018-10-11 | 4.3 MEDIUM | N/A |
| GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c. | |||||
| CVE-2009-0016 | 2 Apple, Microsoft | 2 Itunes, Windows | 2018-10-11 | 5.0 MEDIUM | N/A |
| Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. | |||||
| CVE-2008-7029 | 1 Alilg | 1 Aliboard | 2018-10-11 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in uploads/avatars/. | |||||
| CVE-2008-7257 | 1 Cisco | 1 Asa 5580 | 2018-10-11 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary HTTP headers as demonstrated by a redirect attack involving a %0d%0aLocation%3a sequence in a URI, or conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCsr09163. | |||||
| CVE-2008-7215 | 2 Brilaps, Mambo-foundation | 2 Mostlyce, Mambo | 2018-10-11 | 5.8 MEDIUM | N/A |
| The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails. | |||||
| CVE-2008-6557 | 1 Puppetmaster | 1 Webutil | 2018-10-11 | 10.0 HIGH | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command. | |||||
| CVE-2008-6497 | 1 Tp | 1 Neostrada Livebox Adsl Router | 2018-10-11 | 7.8 HIGH | N/A |
| The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI. | |||||