Total
13192 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9278 | 1 Samsung | 1 Exynos Fimg2d Driver | 2025-04-20 | N/A |
| The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE-2016-6736. | ||||
| CVE-2017-8260 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. | ||||
| CVE-2017-6318 | 2 Opensuse, Sane-backends Project | 2 Leap, Sane-backends | 2025-04-20 | N/A |
| saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. | ||||
| CVE-2016-8944 | 1 Ibm | 1 Aix | 2025-04-20 | N/A |
| IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234. | ||||
| CVE-2017-12277 | 1 Cisco | 6 Firepower 4110 Next-generation Firewall, Firepower 4120 Next-generation Firewall, Firepower 4140 Next-generation Firewall and 3 more | 2025-04-20 | N/A |
| A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863. | ||||
| CVE-2016-8738 | 1 Apache | 1 Struts | 2025-04-20 | N/A |
| In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | ||||
| CVE-2017-1000116 | 3 Debian, Mercurial, Redhat | 9 Debian Linux, Mercurial, Enterprise Linux and 6 more | 2025-04-20 | N/A |
| Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | ||||
| CVE-2016-8344 | 1 Honeywell | 1 Experion Process Knowledge System | 2025-04-20 | N/A |
| An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices. | ||||
| CVE-2016-7957 | 1 Wireshark | 1 Wireshark | 2025-04-20 | N/A |
| In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings. | ||||
| CVE-2016-7958 | 1 Wireshark | 1 Wireshark | 2025-04-20 | N/A |
| In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. | ||||
| CVE-2017-5659 | 1 Apache | 1 Traffic Server | 2025-04-20 | N/A |
| Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | ||||
| CVE-2017-5606 | 1 Xabber | 1 Xabber | 2025-04-20 | 5.9 Medium |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Xabber (only if manually enabled: 1.0.30, 1.0.30 VIP, beta 1.0.3 - 1.0.74; Android). | ||||
| CVE-2016-7476 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 7 more | 2025-04-20 | N/A |
| The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet. | ||||
| CVE-2016-4841 | 1 Cybozu | 1 Mailwise | 2025-04-20 | N/A |
| Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. | ||||
| CVE-2017-5592 | 1 Profanity Project | 1 Profanity | 2025-04-20 | 5.9 Medium |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0). | ||||
| CVE-2016-4461 | 2 Apache, Netapp | 2 Struts, Oncommand Balance | 2025-04-20 | N/A |
| Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785. | ||||
| CVE-2017-12595 | 1 Qpdf Project | 1 Qpdf | 2025-04-20 | N/A |
| The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc. | ||||
| CVE-2016-4690 | 1 Apple | 1 Iphone Os | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Image Capture" component, which allows attackers to execute arbitrary code via a crafted USB HID device. | ||||
| CVE-2016-6244 | 1 Openbsd | 1 Openbsd | 2025-04-20 | N/A |
| The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value. | ||||
| CVE-2016-4927 | 1 Juniper | 1 Junos Space | 2025-04-20 | N/A |
| Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. | ||||