ReportizFlow
Filtered by vendor
Subscriptions
Total
13190 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-0499 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713. | ||||
| CVE-2017-0675 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227. | ||||
| CVE-2016-9263 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. | ||||
| CVE-2014-9831 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 8.8 High |
| coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. | ||||
| CVE-2014-9810 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 5.5 Medium |
| The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. | ||||
| CVE-2017-12328 | 1 Cisco | 1 Ip Phone 8800 Series Firmware | 2025-04-20 | N/A |
| A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590. | ||||
| CVE-2017-13147 | 1 Graphicsmagick | 1 Graphicsmagick | 2025-04-20 | N/A |
| In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. | ||||
| CVE-2017-7408 | 1 Paloaltonetworks | 1 Traps | 2025-04-20 | 7.5 High |
| Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license. | ||||
| CVE-2017-16547 | 1 Graphicsmagick | 1 Graphicsmagick | 2025-04-20 | N/A |
| The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2017-8664 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more | 2025-04-20 | N/A |
| Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability". | ||||
| CVE-2017-5880 | 1 Splunk | 1 Splunk | 2025-04-20 | N/A |
| Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279. | ||||
| CVE-2017-12300 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-20 | N/A |
| A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. The vulnerability is due to the incorrect detection of an SMB2 file when the detection is based on the length of the file. An attacker could exploit this vulnerability by sending a crafted SMB2 transfer request through the targeted device. A successful exploit could allow the attacker to bypass filters that are configured to block SMB2 traffic. Cisco Bug IDs: CSCve58398. | ||||
| CVE-2017-14230 | 1 Cyrus | 1 Imap | 2025-04-20 | N/A |
| In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command. | ||||
| CVE-2017-12286 | 1 Cisco | 2 Jabber, Webex Meeting Center | 2025-04-20 | N/A |
| A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in the affected software. An attacker could exploit this vulnerability by authenticating locally to an affected system and then issuing specific commands to the affected software. A successful exploit could allow the attacker to view all profile information for a user instead of only certain Jabber parameters that should be visible. This vulnerability affects all releases of Cisco Jabber prior to Release 1.9.31. Cisco Bug IDs: CSCve52418. | ||||
| CVE-2017-14518 | 1 Freedesktop | 1 Poppler | 2025-04-20 | N/A |
| In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. | ||||
| CVE-2014-9971 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. | ||||
| CVE-2017-15868 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 7.8 High |
| The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. | ||||
| CVE-2017-11863 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | N/A |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874. | ||||
| CVE-2016-5552 | 2 Oracle, Redhat | 7 Jdk, Jre, Jrockit and 4 more | 2025-04-20 | N/A |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts). | ||||
| CVE-2017-0273 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2025-04-20 | N/A |
| The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280. | ||||