Total
13206 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7154 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash). | ||||
| CVE-2017-7074 | 1 Apple | 1 Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "AppSandbox" component. It allows attackers to cause a denial of service via a crafted app. | ||||
| CVE-2017-9741 | 1 Projectsend | 1 Projectsend | 2025-04-20 | N/A |
| install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file. | ||||
| CVE-2017-9303 | 1 Laravel | 1 Laravel | 2025-04-20 | N/A |
| Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host. | ||||
| CVE-2017-1267 | 1 Ibm | 1 Security Guardium | 2025-04-20 | N/A |
| IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742. | ||||
| CVE-2014-8149 | 1 Opendaylight | 1 Defense4all | 2025-04-20 | N/A |
| OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files. | ||||
| CVE-2017-6551 | 1 Pexip | 1 Pexip Infinity | 2025-04-20 | N/A |
| Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes. | ||||
| CVE-2014-8323 | 1 Aircrack-ng | 1 Aircrack-ng | 2025-04-20 | N/A |
| buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter. | ||||
| CVE-2014-8705 | 1 Wondercms | 1 Wondercms | 2025-04-20 | N/A |
| PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. | ||||
| CVE-2017-3241 | 2 Oracle, Redhat | 7 Jdk, Jre, Jrockit and 4 more | 2025-04-20 | N/A |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). | ||||
| CVE-2017-13704 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2025-04-20 | N/A |
| In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. | ||||
| CVE-2017-7346 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device. | ||||
| CVE-2014-9965 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call. | ||||
| CVE-2014-9806 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 5.5 Medium |
| ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. | ||||
| CVE-2014-0072 | 1 Apache | 2 Cordova, Cordova File Transfer | 2025-04-20 | N/A |
| ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option. | ||||
| CVE-2014-9933 | 1 Google | 1 Android | 2025-04-20 | N/A |
| Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. | ||||
| CVE-2017-0373 | 1 Config-model Project | 1 Config-model | 2025-04-20 | N/A |
| The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file. | ||||
| CVE-2017-7246 | 2 Pcre, Redhat | 2 Pcre, Jboss Core Services | 2025-04-20 | N/A |
| Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2015-3830 | 1 Google | 1 Android | 2025-04-20 | N/A |
| The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names. | ||||
| CVE-2016-4899 | 1 Novastor | 1 Novabackup Datacenter | 2025-04-20 | N/A |
| The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors. | ||||