Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5102 | 1 Libtiff | 1 Libtiff | 2018-03-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file. | |||||
| CVE-2017-17221 | 1 Huawei | 4 Espace 7950, Espace 7950 Firmware, Espace 8950 and 1 more | 2018-03-27 | 6.5 MEDIUM | 8.8 HIGH |
| Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code. | |||||
| CVE-2017-17222 | 1 Huawei | 4 Espace 7950, Espace 7950 Firmware, Espace 8950 and 1 more | 2018-03-27 | 6.5 MEDIUM | 8.8 HIGH |
| Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code. | |||||
| CVE-2017-17219 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2018-03-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An unauthenticated, remote attacker crafts malformed packets with specific parameter to the affected products. Due to insufficient validation of packets, successful exploitation may impact availability of product service. | |||||
| CVE-2017-17138 | 1 Huawei | 48 Dp300, Dp300 Firmware, Ips Module and 45 more | 2018-03-27 | 2.1 LOW | 5.5 MEDIUM |
| PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has a DoS vulnerability in PEM module of Huawei products due to insufficient verification. An authenticated local attacker can make processing into deadloop by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service. | |||||
| CVE-2016-0276 | 1 Ibm | 1 Financial Transaction Manager | 2018-03-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. IBM X-Force ID: 111084. | |||||
| CVE-2018-7583 | 1 Advantig | 1 Dualdesk | 2018-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500. | |||||
| CVE-2016-8785 | 1 Huawei | 8 S12700, S12700 Firmware, S5700 and 5 more | 2018-03-26 | 4.3 MEDIUM | 4.3 MEDIUM |
| Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a malformed packet and send it to the device using VRP, causing the device to display additional memory data and possibly leading to sensitive information leakage. | |||||
| CVE-2016-8786 | 1 Huawei | 10 S12700, S12700 Firmware, S5700 and 7 more | 2018-03-26 | 7.8 HIGH | 7.5 HIGH |
| Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, S5700 V200R006C00, V200R007C00, V200R008C00, S6700 V200R008C00, S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00 have a denial of service (DoS) vulnerability. Due to the lack of input validation, a remote attacker may craft a malformed Resource Reservation Protocol (RSVP) packet and send it to the device, causing a few buffer overflows and occasional device restart. | |||||
| CVE-2017-6154 | 1 F5 | 1 Big-ip Application Security Manager | 2018-03-23 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, the BIG-IP ASM bd daemon may core dump memory under some circumstances when processing undisclosed types of data on systems with 48 or more CPU cores. | |||||
| CVE-2017-6150 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2018-03-23 | 7.8 HIGH | 7.5 HIGH |
| Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM). | |||||
| CVE-2017-7600 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-7596 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-7592 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 6.8 MEDIUM | 7.8 HIGH |
| The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-7599 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-10688 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 5.0 MEDIUM | 7.5 HIGH |
| In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2017-7597 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 6.8 MEDIUM | 7.8 HIGH |
| tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2017-7601 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 6.8 MEDIUM | 7.8 HIGH |
| LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2016-10371 | 1 Libtiff | 1 Libtiff | 2018-03-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file. | |||||
| CVE-2011-3477 | 1 Symantec | 4 Backup Exec System Recovery, Norton 360, Norton Ghost and 1 more | 2018-03-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors. | |||||