Total
166 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1935 | 1 Ibm | 1 Db2 | 2025-04-12 | 8.0 HIGH | N/A |
|
The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2015-2042 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.6 MEDIUM | N/A |
|
net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
|
|||||
| CVE-2015-3183 | 1 Apache | 1 Http Server | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
|
|||||
| CVE-2015-3811 | 2 Oracle, Wireshark | 3 Linux, Solaris, Wireshark | 2025-04-12 | 5.0 MEDIUM | N/A |
|
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.
|
|||||
| CVE-2015-1262 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 7.5 HIGH | N/A |
|
platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text.
|
|||||
| CVE-2015-2738 | 5 Canonical, Debian, Mozilla and 2 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-04-12 | 10.0 HIGH | N/A |
|
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
|
|||||
| CVE-2015-7200 | 1 Mozilla | 1 Firefox | 2025-04-12 | 7.5 HIGH | N/A |
|
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.
|
|||||
| CVE-2014-7843 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.9 MEDIUM | N/A |
|
The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.
|
|||||
| CVE-2015-0859 | 1 Debian | 1 Debian Linux | 2025-04-12 | 7.5 HIGH | N/A |
|
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.
|
|||||
| CVE-2015-6818 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2025-04-12 | 7.5 HIGH | N/A |
|
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.
|
|||||
| CVE-2015-2737 | 5 Canonical, Debian, Mozilla and 2 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2025-04-12 | 10.0 HIGH | N/A |
|
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.
|
|||||
| CVE-2015-6735 | 1 Timedmediahandler Project | 1 Timedmediahandler | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode.
|
|||||
| CVE-2015-1157 | 1 Apple | 3 Iphone Os, Itunes, Mac Os X | 2025-04-12 | 7.8 HIGH | N/A |
|
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.
|
|||||
| CVE-2015-3002 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2025-04-12 | 6.9 MEDIUM | N/A |
|
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconnect feature when configured in the [system port console] stanza, which allows physically proximate attackers to reconnect to the console port and gain administrative access by leveraging access to the device.
|
|||||
| CVE-2014-6092 | 1 Ibm | 1 Curam Social Program Management | 2025-04-12 | 5.0 MEDIUM | N/A |
|
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause a denial of service (web-service outage) by making many login attempts with a valid caseworker account name.
|
|||||
| CVE-2014-6383 | 1 Juniper | 1 Junos | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, when using Trio-based PFE modules, does not properly match ports, which might allow remote attackers to bypass firewall rule.
|
|||||
| CVE-2015-7023 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 5.8 MEDIUM | N/A |
|
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
|
|||||
| CVE-2016-3721 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
|
|||||
| CVE-2015-1463 | 2 Clamav, Fedoraproject | 2 Clamav, Fedora | 2025-04-12 | 5.0 MEDIUM | N/A |
|
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."
|
|||||
| CVE-2015-5176 | 1 Redhat | 1 Jboss Portal | 2025-04-12 | 5.8 MEDIUM | N/A |
|
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
|
|||||
| CVE-2014-9066 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-12 | 4.7 MEDIUM | N/A |
|
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065.
|
|||||
| CVE-2015-3292 | 1 Netapp | 1 Oncommand Workflow Automation | 2025-04-12 | 10.0 HIGH | N/A |
|
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2015-4620 | 1 Isc | 1 Bind | 2025-04-12 | 7.8 HIGH | N/A |
|
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.
|
|||||
| CVE-2015-0275 | 2 Linux, Oracle | 2 Linux Kernel, Linux | 2025-04-12 | 4.9 MEDIUM | N/A |
|
The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.
|
|||||
| CVE-2015-6758 | 1 Google | 1 Chrome | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
|
|||||
| CVE-2015-4963 | 1 Ibm | 1 Security Access Manager For Web | 2025-04-12 | 7.5 HIGH | N/A |
|
IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
|
|||||
| CVE-2015-5748 | 1 Apple | 3 Iphone Os, Mac Os X, Safari | 2025-04-12 | 2.1 LOW | N/A |
|
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
|
|||||
| CVE-2015-2987 | 1 Type74 | 1 Ed | 2025-04-12 | 2.6 LOW | N/A |
|
Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.
|
|||||
| CVE-2015-1233 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2015-0817 | 1 Mozilla | 3 Firefox, Firefox Esr, Seamonkey | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.
|
|||||
| CVE-2014-7929 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | N/A |
|
Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving movement of a SCRIPT element across documents.
|
|||||
| CVE-2014-7926 | 6 Canonical, Google, Icu-project and 3 more | 9 Ubuntu Linux, Chrome, International Components For Unicode and 6 more | 2025-04-12 | 7.5 HIGH | N/A |
|
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier.
|
|||||
| CVE-2015-2743 | 3 Mozilla, Novell, Oracle | 6 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 3 more | 2025-04-12 | 7.5 HIGH | N/A |
|
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.
|
|||||
| CVE-2015-6736 | 1 Quiz Project | 1 Quiz | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression.
|
|||||
| CVE-2014-8172 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.9 MEDIUM | N/A |
|
The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations.
|
|||||
| CVE-2014-5277 | 1 Docker | 2 Docker, Docker-py | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.
|
|||||
| CVE-2015-1799 | 1 Ntp | 1 Ntp | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
|
|||||
| CVE-2015-1224 | 1 Google | 1 Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted VPx video data.
|
|||||
| CVE-2016-1943 | 3 Google, Mozilla, Opensuse | 4 Android, Firefox, Leap and 1 more | 2025-04-12 | 4.3 MEDIUM | 4.7 MEDIUM |
|
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
|
|||||
| CVE-2015-5912 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
|
|||||