ReportizFlow
Filtered by vendor
Subscriptions
Total
13190 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7852 | 5 Debian, Netapp, Ntp and 2 more | 15 Debian Linux, Clustered Data Ontap, Data Ontap and 12 more | 2025-04-20 | 5.9 Medium |
| ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. | ||||
| CVE-2017-13709 | 1 Flightgear | 1 Flightgear | 2025-04-20 | N/A |
| In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. | ||||
| CVE-2017-8117 | 1 Huawei | 1 Uma | 2025-04-20 | N/A |
| The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. | ||||
| CVE-2016-4868 | 1 Cybozu | 1 Office | 2025-04-20 | N/A |
| Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. | ||||
| CVE-2015-7705 | 4 Citrix, Netapp, Ntp and 1 more | 10 Xenserver, Clustered Data Ontap, Data Ontap and 7 more | 2025-04-20 | 9.8 Critical |
| The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | ||||
| CVE-2014-9733 | 1 Nwjs | 1 Nw.js | 2025-04-20 | N/A |
| nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote attackers to have unspecified impact via unknown vectors. | ||||
| CVE-2016-3109 | 1 Shopware | 1 Shopware | 2025-04-20 | N/A |
| The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code. | ||||
| CVE-2017-9801 | 1 Apache | 1 Commons Email | 2025-04-20 | N/A |
| When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers. | ||||
| CVE-2015-8538 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 6.5 Medium |
| dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). | ||||
| CVE-2017-2100 | 1 Ipa | 1 Appgoat | 2025-04-20 | N/A |
| Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. | ||||
| CVE-2016-7164 | 1 Libtorrent | 1 Libtorrent | 2025-04-20 | N/A |
| The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response. | ||||
| CVE-2017-17803 | 1 Tgsoft | 1 Vir.it Explorer | 2025-04-20 | N/A |
| In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82736068, a different vulnerability than CVE-2017-17475. | ||||
| CVE-2017-17800 | 1 Tgsoft | 1 Vir.it Explorer | 2025-04-20 | N/A |
| In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17798. | ||||
| CVE-2017-17801 | 1 Tgsoft | 1 Vir.it Explorer | 2025-04-20 | N/A |
| In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E060. | ||||
| CVE-2016-8275 | 1 Huawei | 1 Anyoffice | 2025-04-20 | N/A |
| Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb. | ||||
| CVE-2016-8758 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2025-04-20 | N/A |
| ION memory management module in Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, NXT-CL10C00B561 and earlier versions, NXT-DL10C00B561 and earlier versions, NXT-TL10C00B561 and earlier versions allows attackers to cause a denial of service (restart). | ||||
| CVE-2016-8944 | 1 Ibm | 1 Aix | 2025-04-20 | N/A |
| IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234. | ||||
| CVE-2017-7672 | 1 Apache | 1 Struts | 2025-04-20 | N/A |
| If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12. | ||||
| CVE-2017-6650 | 1 Cisco | 10 Nexus 5548up, Nexus 5596t, Nexus 5596up and 7 more | 2025-04-20 | N/A |
| A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771. | ||||
| CVE-2017-1000018 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-20 | N/A |
| phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name | ||||