Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1105 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
|
|||||
| CVE-2014-3284 | 1 Cisco | 9 Asr 1001, Asr 1002, Asr 1002-x and 6 more | 2025-04-12 | 6.1 MEDIUM | N/A |
|
Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.
|
|||||
| CVE-2014-6159 | 1 Ibm | 1 Db2 | 2025-04-12 | 3.5 LOW | N/A |
|
IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.
|
|||||
| CVE-2014-2129 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 7.1 HIGH | N/A |
|
The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.48), 8.4 before 8.4(6.5), 9.0 before 9.0(3.1), and 9.1 before 9.1(2.5) allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052.
|
|||||
| CVE-2012-2095 | 2 David Paleino, Fedoraproject | 2 Wicd, Fedora | 2025-04-12 | 6.9 MEDIUM | N/A |
|
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.
|
|||||
| CVE-2014-4617 | 3 Debian, Gnupg, Opensuse | 3 Debian Linux, Gnupg, Opensuse | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
|
|||||
| CVE-2014-3775 | 1 Libgadu | 1 Libgadu | 2025-04-12 | 7.5 HIGH | N/A |
|
libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message.
|
|||||
| CVE-2016-6431 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 7.1 HIGH | 7.5 HIGH |
|
A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS pack ...
Show More |
|||||
| CVE-2016-1441 | 1 Cisco | 1 Cloud Network Automation Provisioner | 2025-04-12 | 6.4 MEDIUM | 8.2 HIGH |
|
Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145.
|
|||||
| CVE-2016-2774 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2025-04-12 | 7.1 HIGH | 5.9 MEDIUM |
|
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
|
|||||
| CVE-2014-3272 | 1 Cisco | 1 Tidal Enterprise Scheduler | 2025-04-12 | 6.0 MEDIUM | N/A |
|
The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074.
|
|||||
| CVE-2014-9417 | 1 Huawei | 1 Espace Desktop | 2025-04-12 | 2.1 LOW | N/A |
|
The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image.
|
|||||
| CVE-2015-7094 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 2.6 LOW | N/A |
|
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
|
|||||
| CVE-2015-8930 | 3 Canonical, Libarchive, Suse | 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
|
|||||
| CVE-2015-6403 | 1 Cisco | 14 Spa300 Firmware, Spa500 Firmware, Spa 301 and 11 more | 2025-04-12 | 7.2 HIGH | N/A |
|
The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.
|
|||||
| CVE-2014-3376 | 1 Cisco | 1 Ios Xr | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031.
|
|||||
| CVE-2015-8899 | 2 Canonical, Thekelleys | 2 Ubuntu Linux, Dnsmasq | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
|
|||||
| CVE-2015-0626 | 1 Cisco | 1 Hosted Collaboration Solution | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114.
|
|||||
| CVE-2016-1328 | 1 Cisco | 2 Epc3928, Epc3928 Firmware | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948.
|
|||||
| CVE-2015-0642 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
|
Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951.
|
|||||
| CVE-2014-1723 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | N/A |
|
The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text.
|
|||||
| CVE-2015-1043 | 1 Vmware | 3 Fusion, Player, Workstation | 2025-04-12 | 3.3 LOW | N/A |
|
The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors.
|
|||||
| CVE-2014-9030 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2025-04-12 | 7.1 HIGH | N/A |
|
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
|
|||||
| CVE-2014-2193 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.
|
|||||
| CVE-2015-7211 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.
|
|||||
| CVE-2013-7234 | 1 Simplemachines | 1 Simple Machines Forum | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.
|
|||||
| CVE-2014-3880 | 1 Freebsd | 1 Freebsd | 2025-04-12 | 4.9 MEDIUM | N/A |
|
The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference.
|
|||||
| CVE-2016-1419 | 1 Cisco | 2 Aironet, Aironet Access Point Software | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
|
Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803.
|
|||||
| CVE-2014-2121 | 1 Cisco | 1 Hosted Collaboration Solution | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643.
|
|||||
| CVE-2014-0921 | 1 Ibm | 2 Messagesight, Messagesight Jms Client | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets connection upgrade.
|
|||||
| CVE-2016-1987 | 1 Hp | 1 Hp-ux Ipfilter | 2025-04-12 | 2.6 LOW | 5.9 MEDIUM |
|
HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets.
|
|||||
| CVE-2016-7417 | 1 Php | 1 Php | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.
|
|||||
| CVE-2016-3082 | 1 Apache | 1 Struts | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
|
|||||
| CVE-2015-6103 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
|
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6104.
|
|||||
| CVE-2016-0789 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
|
|||||
| CVE-2015-2458 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
|
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2459 and CVE-2015-2461.
|
|||||
| CVE-2015-1261 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
|
android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.
|
|||||
| CVE-2015-8229 | 1 Huawei | 3 Espace Firmware, Espace Unified Gateway U2980, Espace Unified Gateway U2990 | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from a registered device.
|
|||||
| CVE-2016-2201 | 1 Siemens | 15 Simatic S7-1500 Cpu Firmware, Simatic S7-1511-1 Pn Cpu, Simatic S7-1511c-1 Pn Cpu and 12 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102.
|
|||||
| CVE-2014-3270 | 1 Cisco | 1 Ios Xr | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (process hang) via a malformed packet, aka Bug ID CSCul80924.
|
|||||