Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9601 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Opensuse, Solaris and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
|
|||||
| CVE-2016-3737 | 1 Redhat | 1 Jboss Operations Network | 2025-04-12 | 9.0 HIGH | 9.8 CRITICAL |
|
The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.
|
|||||
| CVE-2014-4401 | 1 Apple | 1 Mac Os X | 2025-04-12 | 6.9 MEDIUM | N/A |
|
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4416.
|
|||||
| CVE-2014-0478 | 1 Debian | 1 Advanced Package Tool | 2025-04-12 | 4.0 MEDIUM | N/A |
|
APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.
|
|||||
| CVE-2015-7509 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.9 MEDIUM | 4.4 MEDIUM |
|
fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.
|
|||||
| CVE-2016-0785 | 1 Apache | 1 Struts | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
|
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
|
|||||
| CVE-2014-6151 | 1 Ibm | 1 Tivoli Integrated Portal | 2025-04-12 | 3.5 LOW | N/A |
|
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
|
|||||
| CVE-2016-1365 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2025-04-12 | 8.5 HIGH | 8.8 HIGH |
|
The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.
|
|||||
| CVE-2016-2844 | 1 Google | 1 Chrome | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
|
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.
|
|||||
| CVE-2013-4723 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.
|
|||||
| CVE-2015-8040 | 1 Samsung | 1 Smartviewer | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value.
|
|||||
| CVE-2015-6128 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-12 | 7.2 HIGH | N/A |
|
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability."
|
|||||
| CVE-2016-1248 | 2 Debian, Vim | 2 Debian Linux, Vim | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
|
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
|
|||||
| CVE-2015-2918 | 1 Orientdb | 1 Orientdb | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
|
|||||
| CVE-2015-4111 | 1 Blackberry | 1 Blackberry Link | 2025-04-12 | 6.8 MEDIUM | N/A |
|
mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file.
|
|||||
| CVE-2016-4555 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
|
|||||
| CVE-2014-2109 | 1 Cisco | 1 Ios | 2025-04-12 | 7.8 HIGH | N/A |
|
The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.
|
|||||
| CVE-2014-3859 | 1 Isc | 1 Bind | 2025-04-12 | 5.0 MEDIUM | N/A |
|
libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.
|
|||||
| CVE-2015-4016 | 1 Valvesoftware | 1 Steam Client | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet.
|
|||||
| CVE-2013-2044 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.
|
|||||
| CVE-2015-2459 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
|
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2461.
|
|||||
| CVE-2015-8227 | 1 Huawei | 2 Vp9660, Vp 9660 Firmware | 2025-04-12 | 8.5 HIGH | N/A |
|
The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted message.
|
|||||
| CVE-2013-3997 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-12 | 4.9 MEDIUM | N/A |
|
Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2014-0959 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 4.0 MEDIUM | N/A |
|
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect.
|
|||||
| CVE-2015-5879 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 5.0 MEDIUM | N/A |
|
XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header.
|
|||||
| CVE-2016-7965 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server).
|
|||||
| CVE-2015-1138 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.9 MEDIUM | N/A |
|
Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors.
|
|||||
| CVE-2015-0770 | 1 Cisco | 1 Telepresence Tc Software | 2025-04-12 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341.
|
|||||
| CVE-2016-1763 | 1 Apple | 1 Iphone Os | 2025-04-12 | 3.5 LOW | 3.5 LOW |
|
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.
|
|||||
| CVE-2015-8605 | 4 Canonical, Debian, Isc and 1 more | 4 Ubuntu Linux, Debian Linux, Dhcp and 1 more | 2025-04-12 | 5.7 MEDIUM | 6.5 MEDIUM |
|
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
|
|||||
| CVE-2015-1808 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 3.5 LOW | N/A |
|
Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.
|
|||||
| CVE-2014-2180 | 1 Cisco | 2 Unified Contact Center Enterprise, Unified Contact Center Express Editor Software | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133.
|
|||||
| CVE-2014-1492 | 1 Mozilla | 1 Network Security Services | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
|
|||||
| CVE-2015-4605 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule.
|
|||||
| CVE-2014-3349 | 1 Cisco | 1 Cloud Portal | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410.
|
|||||
| CVE-2014-6375 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
|||||
| CVE-2015-6243 | 2 Oracle, Wireshark | 3 Linux, Solaris, Wireshark | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.
|
|||||
| CVE-2013-4199 | 1 Plone | 1 Plone | 2025-04-12 | 3.5 LOW | N/A |
|
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
|
|||||
| CVE-2015-3204 | 1 Libreswan | 1 Libreswan | 2025-04-12 | 5.0 MEDIUM | N/A |
|
libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.
|
|||||
| CVE-2016-4722 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 7.1 HIGH | 5.9 MEDIUM |
|
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors.
|
|||||