Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13809 | 1 Apple | 1 Mac Os X | 2017-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile. | |||||
| CVE-2017-13807 | 1 Apple | 1 Mac Os X | 2017-11-27 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file. | |||||
| CVE-2017-12802 | 1 Matroska | 3 Libebml2, Mkclean, Mkvalidator | 2017-11-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |||||
| CVE-2017-6671 | 1 Cisco | 1 Email Security Appliance Firmware | 2017-11-27 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015. | |||||
| CVE-2017-12801 | 1 Matroska | 3 Libebml2, Mkclean, Mkvalidator | 2017-11-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |||||
| CVE-2017-12782 | 1 Matroska | 3 Libebml2, Mkclean, Mkvalidator | 2017-11-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |||||
| CVE-2017-12783 | 1 Matroska | 3 Libebml2, Mkclean, Mkvalidator | 2017-11-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | |||||
| CVE-2017-16237 | 1 Tgsoft | 1 Vir.it Explorer | 2017-11-22 | 4.6 MEDIUM | 7.8 HIGH |
| In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C. | |||||
| CVE-2017-9938 | 1 Siemens | 1 Simatic Logon | 2017-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically. | |||||
| CVE-2017-1000122 | 1 Webkitgtk | 1 Webkitgtk\+ | 2017-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products. | |||||
| CVE-2017-14919 | 1 Nodejs | 1 Node.js | 2017-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. | |||||
| CVE-2014-0819 | 1 Autodesk | 1 Autocad | 2017-11-21 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2016-2516 | 1 Ntp | 1 Ntp | 2017-11-21 | 7.1 HIGH | 5.3 MEDIUM |
| NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. | |||||
| CVE-2016-2517 | 1 Ntp | 1 Ntp | 2017-11-21 | 4.9 MEDIUM | 5.3 MEDIUM |
| NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. | |||||
| CVE-2017-16227 | 2 Debian, Quagga | 2 Debian Linux, Quagga | 2017-11-18 | 5.0 MEDIUM | 7.5 HIGH |
| The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. | |||||
| CVE-2013-4673 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2017-11-18 | 5.8 MEDIUM | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt. | |||||
| CVE-2017-15956 | 1 Converto Video Downloader \& Converter Project | 1 Converto Video Downloader \& Converter | 2017-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. | |||||
| CVE-2015-6839 | 1 Grupo Msa | 1 Vot.ar | 2017-11-17 | 2.1 LOW | 4.6 MEDIUM |
| The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag. | |||||
| CVE-2017-9675 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2017-11-17 | 7.8 HIGH | 7.5 HIGH |
| On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot. | |||||
| CVE-2017-15928 | 1 Ox Project | 1 Ox | 2017-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication. | |||||