Latest CVE Feed
-
5.5
MEDIUM CVE-2014-9844
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2014-9843
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2014-9842
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2014-9841
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGH CVE-2012-5361
Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.
Affected Products : ffmpeg
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGH CVE-2017-7187
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call...
Affected Products : linux_kernel
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2017-7186
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGH CVE-2014-9938
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
Affected Products : git
- Published: Mar. 20, 2017
- Modified: Apr. 20, 2025
-
7.2
HIGH CVE-2017-5623
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem boot_mode {rf/wlan/ftm/normal} command' in contradiction to the threat model of Android where the...
- Published: Mar. 19, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGH CVE-2017-7184
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based ...
- Published: Mar. 19, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUM CVE-2016-8855
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.
Affected Products : experience_platform
- Published: Mar. 19, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGH CVE-2017-7178
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plu...
- Published: Mar. 18, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2017-7177
Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.
- Published: Mar. 18, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2016-10253
An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordina...
Affected Products : erlang/otp
- Published: Mar. 18, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2017-7174
The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5.
- Published: Mar. 17, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2017-3881
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges...
Affected Products : ios_xe ios catalyst_4948 catalyst_2960l-16ps-ll catalyst_2960l-16ts-ll catalyst_2960l-24ps-ll catalyst_2960l-24ts-ll catalyst_2960l-48ps-ll catalyst_2960l-48ts-ll catalyst_2960l-8ps-ll +313 more products
- Actively Exploited
- Published: Mar. 17, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUM CVE-2017-3880
An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 ...
Affected Products : webex_meetings_server
- Published: Mar. 17, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUM CVE-2017-3879
A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a process used for login to terminate unexpectedly and the lo...
Affected Products : nx-os nx-os nexus_92160yc_switch nexus_92300yc_switch nexus_92304qc_switch nexus_9236c_switch nexus_9272q_switch nexus_93108tc-ex_switch nexus_93120tx_switch nexus_93128tx_switch +11 more products
- Published: Mar. 17, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUM CVE-2017-3878
A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpected...
Affected Products : nx-os nx-os nexus_92160yc_switch nexus_92300yc_switch nexus_92304qc_switch nexus_9236c_switch nexus_9272q_switch nexus_93108tc-ex_switch nexus_93120tx_switch nexus_93128tx_switch +11 more products
- Published: Mar. 17, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUM CVE-2017-3877
A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. ...
Affected Products : unified_communications_manager
- Published: Mar. 17, 2017
- Modified: Apr. 20, 2025