Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8820 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-12 | 5.6 MEDIUM | 6.1 MEDIUM |
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure.
|
|||||
| CVE-2016-0398 | 1 Ibm | 1 Cognos Analytics | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL.
|
|||||
| CVE-2014-6609 | 1 Digium | 1 Asterisk | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.
|
|||||
| CVE-2014-3159 | 1 Google | 2 Android, Chrome | 2025-04-12 | 6.4 MEDIUM | N/A |
|
The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors.
|
|||||
| CVE-2015-5828 | 2 Apple, Opensuse | 2 Safari, Leap | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.
|
|||||
| CVE-2014-2165 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2025-04-12 | 7.8 HIGH | N/A |
|
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699.
|
|||||
| CVE-2014-3348 | 1 Cisco | 8 Integrated Management Controller, Unified Computing System E140d, Unified Computing System E140dp and 5 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206.
|
|||||
| CVE-2015-6790 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.
|
|||||
| CVE-2014-6230 | 1 Wp-ban Project | 1 Wp-ban | 2025-04-12 | 4.3 MEDIUM | N/A |
|
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.
|
|||||
| CVE-2015-0664 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.
|
|||||
| CVE-2014-8836 | 1 Apple | 1 Mac Os X | 2025-04-12 | 10.0 HIGH | N/A |
|
The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (arbitrary-size bzero of kernel memory) via a crafted app.
|
|||||
| CVE-2016-3205 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3206 and CVE-2016-3207.
|
|||||
| CVE-2016-1408 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable Network Manager (EPNM) 1.2 and 2.0 allow remote authenticated users to execute arbitrary commands or upload files via a crafted HTTP request, aka Bug ID CSCuz01488.
|
|||||
| CVE-2015-2776 | 2 Debian, Gaia-gis | 2 Debian Linux, Freexl | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook.
|
|||||
| CVE-2014-2673 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.7 MEDIUM | N/A |
|
The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.
|
|||||
| CVE-2015-8218 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.
|
|||||
| CVE-2014-3283 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731.
|
|||||
| CVE-2015-7551 | 2 Apple, Ruby-lang | 2 Mac Os X, Ruby | 2025-04-12 | 4.6 MEDIUM | 8.4 HIGH |
|
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression.
|
|||||
| CVE-2016-6458 | 1 Cisco | 1 Email Security Appliance Firmware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass content filters configured on an affected device. Email that should have been filtered could instead be forwarded by the device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is con ...
Show More |
|||||
| CVE-2016-3944 | 1 Lenovo | 1 Accelerator Application | 2025-04-12 | 9.3 HIGH | 7.5 HIGH |
|
UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.
|
|||||
| CVE-2014-4130 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4132 and CVE-2014-4138.
|
|||||
| CVE-2012-5427 | 1 Cisco | 1 Ios | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP packets, aka Bug ID CSCuc42518.
|
|||||
| CVE-2014-2986 | 1 Xen | 1 Xen | 2025-04-12 | 5.5 MEDIUM | N/A |
|
The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denial of service (NULL pointer dereference and host crash) via unspecified vectors.
|
|||||
| CVE-2016-1998 | 1 Hp | 1 Service Manager | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
|
|||||
| CVE-2016-3936 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019037 and MediaTek internal bug ALPS02829568.
|
|||||
| CVE-2016-3826 | 1 Google | 1 Android | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
|
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553.
|
|||||
| CVE-2016-1982 | 1 Privoxy | 1 Privoxy | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
|
|||||
| CVE-2015-0810 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element.
|
|||||
| CVE-2014-2113 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
|
Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540.
|
|||||
| CVE-2014-0117 | 2 Apache, Apple | 2 Http Server, Mac Os X | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
|
|||||
| CVE-2015-5945 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | N/A |
|
The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters.
|
|||||
| CVE-2016-7266 | 1 Microsoft | 4 Excel, Excel For Mac, Excel Viewer and 1 more | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
|
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability."
|
|||||
| CVE-2015-4321 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv60724.
|
|||||
| CVE-2014-3730 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
|
|||||
| CVE-2016-0895 | 1 Emc | 1 Rsa Data Loss Prevention | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity.
|
|||||
| CVE-2016-3655 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call.
|
|||||
| CVE-2016-1430 | 1 Cisco | 4 Rv180 Vpn Router, Rv180 Vpn Router Firmware, Rv180w Vpn Router and 1 more | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
|
Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592.
|
|||||
| CVE-2016-1733 | 1 Apple | 1 Mac Os X | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
|||||
| CVE-2014-9653 | 3 Debian, File Project, Php | 3 Debian Linux, File, Php | 2025-04-12 | 7.5 HIGH | N/A |
|
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
|
|||||
| CVE-2014-7989 | 1 Cisco | 8 B200 M3, B200 M4, B22 M3 and 5 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176.
|
|||||