Total: 9398 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-3280 | 1 Oracle | 1 Partner Management | 2017-02-11 | 4.3 MEDIUM | 4.7 MEDIUM |
Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts). | |||||
CVE-2016-6131 | 1 Gnu | 1 Libiberty | 2017-02-09 | 5.0 MEDIUM | 7.5 HIGH |
The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. | |||||
CVE-2016-6234 | 1 Lepton Project | 1 Lepton | 2017-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file. | |||||
CVE-2016-6084 | 1 Ibm | 1 Bigfix Platform | 2017-02-07 | 3.3 LOW | 6.5 MEDIUM |
IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request. | |||||
CVE-2016-3071 | 2 Fedoraproject, Libreswan | 2 Fedora, Libreswan | 2017-02-07 | 5.0 MEDIUM | 7.5 HIGH |
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. | |||||
CVE-2016-9420 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 7.5 HIGH | 9.8 CRITICAL |
MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to "loose comparison false positives." | |||||
CVE-2017-3242 | 1 Oracle | 1 Vm Server | 2017-01-31 | 1.9 LOW | 5.9 MEDIUM |
Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Supported versions that are affected are 3.2 and 3.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM Server for Sparc executes to compromise Oracle VM Server for Sparc. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM Server for Sparc, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM Server for Sparc. CVSS v3.0 Base Score 5.9 (Availability impacts). | |||||
CVE-2016-5119 | 1 Keepass | 1 Keepass | 2017-01-24 | 5.1 MEDIUM | 7.5 HIGH |
The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. | |||||
CVE-2016-8442 | 1 Linux | 1 Linux Kernel | 2017-01-24 | 7.2 HIGH | 7.8 HIGH |
Possible unauthorized memory access in the hypervisor. Lack of input validation could allow hypervisor memory to be accessed by the HLOS. Product: Android. Versions: Kernel 3.18. Android ID: A-31625910. QC-CR#1038173. | |||||
CVE-2015-8212 | 1 Netbsd | 1 Netbsd | 2017-01-20 | 7.5 HIGH | 9.8 CRITICAL |
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program. | |||||
CVE-2017-2947 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-01-18 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF). | |||||
CVE-2017-0389 | 1 Google | 1 Android | 2017-01-18 | 7.8 HIGH | 7.5 HIGH |
A denial of service vulnerability in core networking could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31850211. | |||||
CVE-2016-8437 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 10.0 HIGH | 9.8 CRITICAL |
Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695. | |||||
CVE-2016-5361 | 1 Libreswan | 1 Libreswan | 2017-01-18 | 5.0 MEDIUM | 7.5 HIGH |
programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each. | |||||
CVE-2016-7791 | 1 Exponentcms | 1 Exponent Cms | 2017-01-13 | 7.5 HIGH | 9.8 CRITICAL |
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code execution. | |||||
CVE-2016-7790 | 1 Exponentcms | 1 Exponent Cms | 2017-01-13 | 7.5 HIGH | 9.8 CRITICAL |
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload a 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution. | |||||
CVE-2014-3299 | 1 Cisco | 1 Ios | 2017-01-12 | 6.8 MEDIUM | N/A |
Cisco IOS allows remote authenticated users to cause a denial of service (device reload) via malformed IPsec packets, aka Bug ID CSCui79745. | |||||
CVE-2014-3322 | 1 Cisco | 8 Asr 9000 Rsp440 Router, Asr 9001, Asr 9006 and 5 more | 2017-01-12 | 6.1 MEDIUM | N/A |
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417. | |||||
CVE-2014-3321 | 1 Cisco | 8 Asr 9000 Rsp440 Router, Asr 9001, Asr 9006 and 5 more | 2017-01-12 | 5.7 MEDIUM | N/A |
Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149. | |||||
CVE-2014-3308 | 1 Cisco | 8 Asr 9000 Rsp440 Router, Asr 9001, Asr 9006 and 5 more | 2017-01-12 | 6.4 MEDIUM | N/A |
Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985. |