Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2739 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.6 MEDIUM | N/A |
|
The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic.
|
|||||
| CVE-2014-1316 | 1 Apple | 1 Mac Os X | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol.
|
|||||
| CVE-2014-8479 | 1 Siemens | 9 Scalance X-300, Scalance X-300 Series Firmware, Scalance X-300eec and 6 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets.
|
|||||
| CVE-2016-6411 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585.
|
|||||
| CVE-2015-2917 | 1 Securifi | 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element.
|
|||||
| CVE-2015-7828 | 1 Sap | 1 Hana | 2025-04-12 | 10.0 HIGH | N/A |
|
SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583.
|
|||||
| CVE-2015-6260 | 2 Cisco, Zyxel | 10 Nexus 5548p, Nexus 5548up, Nexus 5596t and 7 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.
|
|||||
| CVE-2011-1793 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | N/A |
|
rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."
|
|||||
| CVE-2015-8265 | 1 Huawei | 4 E5151, E5151 Firmware, E5186 and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors.
|
|||||
| CVE-2015-0685 | 1 Cisco | 1 Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
|
Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873.
|
|||||
| CVE-2016-2548 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.9 MEDIUM | 6.2 MEDIUM |
|
sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.
|
|||||
| CVE-2015-6824 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2025-04-12 | 7.5 HIGH | N/A |
|
The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.
|
|||||
| CVE-2016-3831 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a "Year 2038 problem."
|
|||||
| CVE-2014-3346 | 1 Cisco | 1 Transport Gateway Installation Software | 2025-04-12 | 6.3 MEDIUM | N/A |
|
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) does not validate an unspecified parameter, which allows remote authenticated users to cause a denial of service (service crash) via a crafted string, aka Bug ID CSCuq31819.
|
|||||
| CVE-2014-3889 | 1 Silex | 2 Sx-2000wg, Sx-2000wg Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
|
silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via crafted data in the Options field of a TCP header, a different vulnerability than CVE-2014-3890.
|
|||||
| CVE-2014-8680 | 1 Isc | 1 Bind | 2025-04-12 | 5.4 MEDIUM | N/A |
|
The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.
|
|||||
| CVE-2016-3979 | 1 Sap | 1 Java As | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185.
|
|||||
| CVE-2015-8724 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
|
|||||
| CVE-2015-6172 | 1 Microsoft | 3 Office, Office Compatibility Pack, Word | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability."
|
|||||
| CVE-2015-4316 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 5.5 MEDIUM | N/A |
|
The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396.
|
|||||
| CVE-2016-4538 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.
|
|||||
| CVE-2014-8013 | 1 Cisco | 1 Nx-os | 2025-04-12 | 4.9 MEDIUM | N/A |
|
The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182.
|
|||||
| CVE-2016-8563 | 1 Siemens | 1 Automation License Manager | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.
|
|||||
| CVE-2014-2779 | 1 Microsoft | 1 Malware Protection Engine | 2025-04-12 | 4.3 MEDIUM | N/A |
|
mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file.
|
|||||
| CVE-2014-1828 | 1 Ithoughts | 1 Ithoughtshd | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad devices allows remote attackers to cause a denial of service (disk consumption) by uploading a large file.
|
|||||
| CVE-2016-0754 | 2 Haxx, Microsoft | 2 Curl, Windows | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.
|
|||||
| CVE-2014-3716 | 1 Xen | 1 Xen | 2025-04-12 | 1.9 LOW | N/A |
|
Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.
|
|||||
| CVE-2016-0044 | 1 Microsoft | 3 Windows 8.1, Windows Rt 8.1, Windows Server 2012 | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability."
|
|||||
| CVE-2016-5355 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigned-integer processing, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
|
|||||
| CVE-2016-6509 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 mishandles conversations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
|
|||||
| CVE-2015-6256 | 1 Cisco | 1 Asr 5000 Series Software | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820.
|
|||||
| CVE-2014-3825 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet.
|
|||||
| CVE-2014-6327 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6329 and CVE-2014-6376.
|
|||||
| CVE-2016-3207 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3206.
|
|||||
| CVE-2016-6128 | 5 Canonical, Debian, Libgd and 2 more | 5 Ubuntu Linux, Debian Linux, Libgd and 2 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
|
|||||
| CVE-2015-6249 | 2 Oracle, Wireshark | 2 Solaris, Wireshark | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
|
|||||
| CVE-2016-0046 | 1 Microsoft | 3 Windows 10, Windows 8.1, Windows Server 2012 | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted Reader file, aka "Microsoft Windows Reader Vulnerability."
|
|||||
| CVE-2016-0281 | 1 Ibm | 2 Aix, Vios | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
|
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
|
|||||
| CVE-2015-5869 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | 3.3 LOW | N/A |
|
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
|
|||||
| CVE-2014-9866 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358.
|
|||||