Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13186 | 1 Google | 1 Android | 2018-01-25 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716. | |||||
| CVE-2015-9246 | 1 Skyboxsecurity | 1 Skybox Platform | 2018-01-24 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost. | |||||
| CVE-2017-18019 | 1 K7computing | 1 Total Security | 2018-01-19 | 3.6 LOW | 7.1 HIGH |
| In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer. | |||||
| CVE-2014-8336 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2018-01-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement. | |||||
| CVE-2016-4449 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2018-01-18 | 5.8 MEDIUM | 7.1 HIGH |
| XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | |||||
| CVE-2011-4138 | 1 Djangoproject | 1 Django | 2018-01-18 | 5.0 MEDIUM | N/A |
| The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header. | |||||
| CVE-2012-1172 | 1 Php | 1 Php | 2018-01-18 | 5.8 MEDIUM | N/A |
| The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions. | |||||
| CVE-2011-4153 | 1 Php | 1 Php | 2018-01-18 | 5.0 MEDIUM | N/A |
| PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c. | |||||
| CVE-2011-4136 | 1 Djangoproject | 1 Django | 2018-01-18 | 5.8 MEDIUM | N/A |
| django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier. | |||||
| CVE-2011-4139 | 1 Djangoproject | 1 Django | 2018-01-18 | 5.0 MEDIUM | N/A |
| Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request. | |||||
| CVE-2017-1000423 | 1 B2evolution | 1 B2evolution | 2018-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup. | |||||
| CVE-2017-1000469 | 1 Cobbler Project | 1 Cobbler | 2018-01-17 | 10.0 HIGH | 9.8 CRITICAL |
| Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user. | |||||
| CVE-2017-15324 | 1 Huawei | 4 S5700, S5700 Firmware, S6700 and 1 more | 2018-01-17 | 7.8 HIGH | 7.5 HIGH |
| Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart. | |||||
| CVE-2017-15591 | 1 Xen | 1 Xen | 2018-01-16 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation. | |||||
| CVE-2017-7394 | 1 Tigervnc | 1 Tigervnc | 2018-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. | |||||
| CVE-2018-5085 | 1 K7computing | 1 Antivirus | 2018-01-12 | 6.1 MEDIUM | 7.8 HIGH |
| In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124. | |||||
| CVE-2017-17537 | 1 Mikrotik | 1 Routerboard | 2018-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS. | |||||
| CVE-2017-6133 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2018-01-12 | 7.8 HIGH | 7.5 HIGH |
| In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service. | |||||
| CVE-2017-6134 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2018-01-12 | 3.3 LOW | 6.5 MEDIUM |
| In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash. | |||||
| CVE-2018-5088 | 1 K7computing | 1 Antivirus | 2018-01-12 | 6.1 MEDIUM | 7.8 HIGH |
| In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C. | |||||