Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-13790 |
An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. Published: November 12, 2017; 10:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-13789 |
An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. Published: November 12, 2017; 10:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-12802 |
The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. Published: November 09, 2017; 9:29:17 PM -0500 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-12801 |
The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. Published: November 09, 2017; 9:29:17 PM -0500 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-12783 |
The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. Published: November 09, 2017; 9:29:17 PM -0500 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-12782 |
The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. Published: November 09, 2017; 9:29:17 PM -0500 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-11461 |
NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface. Published: November 09, 2017; 9:29:16 PM -0500 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-16637 |
In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdvancedProtection" crash. Although the mechanism malfunctions and an error occurs during the runtime with the stack trace being issued, the software process is not properly terminated. The software client is still attempting to maintain the connection even though the network connection information is being reset live. In that insecure mode, the "FrmAdvancedProtection" component crashes, but the process continues to run with different errors and process corruptions. This local corruption vulnerability can be exploited by local attackers. Published: November 06, 2017; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 4.4 MEDIUM V2.0: 2.1 LOW |
CVE-2017-14025 |
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server. Published: November 06, 2017; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-14023 |
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. Published: November 06, 2017; 5:29:00 PM -0500 |
V4.0:(not available) V3.1: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-11177 |
TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory. Published: November 06, 2017; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16547 |
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. Published: November 06, 2017; 12:29:00 AM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-16538 |
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). Published: November 03, 2017; 9:29:37 PM -0400 |
V4.0:(not available) V3.0: 6.6 MEDIUM V2.0: 7.2 HIGH |
CVE-2017-16237 |
In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C. Published: November 03, 2017; 1:29:00 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-12277 |
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863. Published: November 02, 2017; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2017-12275 |
A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb57803. Published: November 02, 2017; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 7.4 HIGH V2.0: 6.1 MEDIUM |
CVE-2017-12274 |
A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of the EAP frame. An attacker could exploit this vulnerability by sending a malformed EAP frame to the targeted device. A successful exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. It may be necessary to manually power cycle the device in order for it to recover. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve18935. Published: November 02, 2017; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 6.1 MEDIUM |
CVE-2017-12273 |
A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient frame validation of the 802.11 association request. An attacker could exploit this vulnerability by sending a malformed 802.11 association request to the targeted device. An exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve12189. Published: November 02, 2017; 12:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 6.1 MEDIUM |
CVE-2017-1000122 |
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products. Published: November 01, 2017; 5:29:00 PM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2017-14992 |
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. Published: November 01, 2017; 1:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |