Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8003 | 1 Cisco | 1 Unified Computing System | 2025-04-12 | 7.2 HIGH | N/A |
|
Cisco Integrated Management Controller in Cisco Unified Computing System 2.2(2c)A and earlier allows local users to obtain shell access via a crafted map-nfs command, aka Bug ID CSCup05998.
|
|||||
| CVE-2015-7750 | 1 Juniper | 1 Screenos | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet.
|
|||||
| CVE-2014-1725 | 1 Google | 1 Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.
|
|||||
| CVE-2010-5077 | 3 Ioquake3, Openarena, Tremulous | 3 Ioquake3 Engine, Openarena, Tremulous | 2025-04-12 | 7.8 HIGH | N/A |
|
server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.
|
|||||
| CVE-2015-0678 | 1 Cisco | 2 Asa Cx Context-aware Security Software, Asa With Firepower Services | 2025-04-12 | 7.8 HIGH | N/A |
|
The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware (CX) Software before 9.3.2.1-9 allows remote attackers to cause a denial of service (device reload) by rapidly sending crafted packets to the management interface, aka Bug IDs CSCus11007 and CSCun56954.
|
|||||
| CVE-2013-6444 | 1 Pywbem Project | 1 Pywbem | 2025-04-12 | 5.8 MEDIUM | N/A |
|
PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
|
|||||
| CVE-2014-2735 | 1 Winscp | 1 Winscp | 2025-04-12 | 5.8 MEDIUM | N/A |
|
WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
|
|||||
| CVE-2016-1569 | 1 Firebirdsql | 1 Firebird | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter.
|
|||||
| CVE-2016-1478 | 1 Cisco | 1 Ios | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not properly dequeue invalid NTP packets, which allows remote attackers to cause a denial of service (interface wedge) by sending many crafted NTP packets, aka Bug ID CSCva35619.
|
|||||
| CVE-2014-3271 | 1 Cisco | 1 Ios Xr | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.
|
|||||
| CVE-2014-0317 | 1 Microsoft | 5 Windows Server 2003, Windows Server 2008, Windows Server 2012 and 2 more | 2025-04-12 | 5.4 MEDIUM | N/A |
|
The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability."
|
|||||
| CVE-2015-6546 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2025-04-12 | 6.1 MEDIUM | N/A |
|
The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0, BIG-IP PSM 11.0.0 through 11.4.1 allows remote attackers to cause a denial of service via "malicious traffic."
|
|||||
| CVE-2015-8562 | 1 Joomla | 1 Joomla\! | 2025-04-12 | 7.5 HIGH | N/A |
|
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
|
|||||
| CVE-2016-6503 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
|
|||||
| CVE-2015-4638 | 1 F5 | 10 Big-ip Advanced Firewall Manager, Big-ip Analytics, Big-ip Application Security Manager and 7 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 through 11.3.0, and BIG-IP PSM 11.2.1 through 11.4.1 allows remote attackers to cause a denial of service (Traffic Management Microkernel restart) via a fragmented packet.
|
|||||
| CVE-2016-1156 | 3 Apple, Linecorp, Microsoft | 3 Mac Os X, Line, Windows | 2025-04-12 | 3.5 LOW | 5.7 MEDIUM |
|
LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline.
|
|||||
| CVE-2014-6336 | 1 Microsoft | 1 Exchange Server | 2025-04-12 | 3.5 LOW | N/A |
|
Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability."
|
|||||
| CVE-2016-1541 | 1 Libarchive | 1 Libarchive | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.
|
|||||
| CVE-2015-8000 | 2 Isc, Oracle | 4 Bind, Linux, Solaris and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
|
|||||
| CVE-2014-3308 | 1 Cisco | 8 Asr 9000 Rsp440 Router, Asr 9001, Asr 9006 and 5 more | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka Bug ID CSCun83985.
|
|||||
| CVE-2016-4476 | 2 Canonical, W1.fi | 3 Ubuntu Linux, Hostapd, Wpa Supplicant | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.
|
|||||
| CVE-2015-6826 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2025-04-12 | 7.5 HIGH | N/A |
|
The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.
|
|||||
| CVE-2016-3757 | 1 Google | 1 Android | 2025-04-12 | 5.9 MEDIUM | 7.0 HIGH |
|
The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows user-assisted attackers to gain privileges via a crafted application that attempts to list a long name of a memory-mapped file, aka internal bug 28175237. NOTE: print_maps is not related to the Vic Abell lsof product.
|
|||||
| CVE-2016-6358 | 1 Cisco | 1 Email Security Appliance | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038.
|
|||||
| CVE-2016-4809 | 3 Libarchive, Oracle, Redhat | 9 Libarchive, Linux, Enterprise Linux Desktop and 6 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
|
|||||
| CVE-2016-7162 | 2 Canonical, File Roller Project | 2 Ubuntu Linux, File Roller | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.
|
|||||
| CVE-2013-1883 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" match type.
|
|||||
| CVE-2014-0162 | 1 Openstack | 2 Icehouse, Image Registry And Delivery Service \(glance\) | 2025-04-12 | 6.0 MEDIUM | N/A |
|
The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.
|
|||||
| CVE-2015-8716 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
|
|||||
| CVE-2015-2055 | 1 Zhone Technologies | 2 Gpon 2520, Gpon 2520 Firmware | 2025-04-12 | 7.8 HIGH | N/A |
|
Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter.
|
|||||
| CVE-2015-5837 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | 4.3 MEDIUM | N/A |
|
PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app.
|
|||||
| CVE-2014-6430 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
|
|||||
| CVE-2015-2460 | 1 Microsoft | 8 .net Framework, Windows 10, Windows 7 and 5 more | 2025-04-12 | 9.3 HIGH | N/A |
|
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
|
|||||
| CVE-2016-1612 | 1 Google | 1 Chrome | 2025-04-12 | 6.8 MEDIUM | 7.6 HIGH |
|
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in Google Chrome before 48.0.2564.82, does not ensure receiver compatibility before performing a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact via crafted JavaScript code.
|
|||||
| CVE-2014-6429 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
|
|||||
| CVE-2016-6384 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257.
|
|||||
| CVE-2014-8510 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration input when saving filters.
|
|||||
| CVE-2014-0742 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 6.2 MEDIUM | N/A |
|
The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464.
|
|||||
| CVE-2014-1360 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
|
Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
|
|||||
| CVE-2016-2216 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2025-04-12 | 4.3 MEDIUM | 7.5 HIGH |
|
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.
|
|||||