Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3890 | 1 Silex | 2 Sx-2000wg, Sx-2000wg Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
|
silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via a crafted IP packet, a different vulnerability than CVE-2014-3889.
|
|||||
| CVE-2015-8704 | 1 Isc | 1 Bind | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
|
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
|
|||||
| CVE-2016-4165 | 1 Adobe | 1 Brackets | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input.
|
|||||
| CVE-2014-1273 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 5.8 MEDIUM | N/A |
|
dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.
|
|||||
| CVE-2015-4534 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | 9.0 HIGH | N/A |
|
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter.
|
|||||
| CVE-2015-8742 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.
|
|||||
| CVE-2015-0701 | 1 Cisco | 1 Unified Computing System Central Software | 2025-04-12 | 10.0 HIGH | N/A |
|
Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.
|
|||||
| CVE-2015-8552 | 4 Canonical, Debian, Novell and 1 more | 5 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Debuginfo and 2 more | 2025-04-12 | 1.7 LOW | 4.4 MEDIUM |
|
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks."
|
|||||
| CVE-2014-3335 | 1 Cisco | 8 Asr 9000 Rsp440 Router, Asr 9001, Asr 9006 and 5 more | 2025-04-12 | 4.6 MEDIUM | N/A |
|
Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750.
|
|||||
| CVE-2016-8740 | 1 Apache | 1 Http Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
|
|||||
| CVE-2013-4544 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2025-04-12 | 4.9 MEDIUM | N/A |
|
hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-6769 | 2 Google, Koushik Dutta | 2 Android, Superuser | 2025-04-12 | 10.0 HIGH | N/A |
|
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su.
|
|||||
| CVE-2015-6821 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | 7.5 HIGH | N/A |
|
The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.
|
|||||
| CVE-2016-0774 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-12 | 5.6 MEDIUM | 6.8 MEDIUM |
|
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vect ...
Show More |
|||||
| CVE-2014-2122 | 1 Cisco | 1 Hosted Collaboration Solution | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCub58999.
|
|||||
| CVE-2016-1438 | 1 Cisco | 2 Asyncos, Email Security Appliance Firmware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210.
|
|||||
| CVE-2014-2585 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | 4.9 MEDIUM | N/A |
|
ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration.
|
|||||
| CVE-2014-3352 | 1 Cisco | 1 Cloud Portal | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related to an "iFrame vulnerability," aka Bug ID CSCuh84801.
|
|||||
| CVE-2014-3802 | 1 Microsoft | 2 Debug Interface Access Software Development Kit, Visual Studio | 2025-04-12 | 6.8 MEDIUM | N/A |
|
msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.
|
|||||
| CVE-2014-9038 | 1 Wordpress | 1 Wordpress | 2025-04-12 | 6.4 MEDIUM | N/A |
|
wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.
|
|||||
| CVE-2014-3673 | 7 Canonical, Debian, Linux and 4 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
|
|||||
| CVE-2015-4276 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138.
|
|||||
| CVE-2015-8723 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total length and the capture length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
|
|||||
| CVE-2016-1284 | 1 Isc | 1 Bind | 2025-04-12 | 2.6 LOW | 5.9 MEDIUM |
|
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.
|
|||||
| CVE-2014-0480 | 2 Djangoproject, Opensuse | 2 Django, Opensuse | 2025-04-12 | 5.8 MEDIUM | N/A |
|
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.
|
|||||
| CVE-2015-1647 | 1 Microsoft | 2 Windows 8.1, Windows Server 2012 | 2025-04-12 | 2.1 LOW | N/A |
|
Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 allows guest OS users to cause a denial of service (VMM functionality loss) via a crafted application, aka "Windows Hyper-V DoS Vulnerability."
|
|||||
| CVE-2016-3756 | 1 Google | 1 Android | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the number of partitions, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28556125.
|
|||||
| CVE-2011-1749 | 1 Linux-nfs | 1 Nfs-utils | 2025-04-12 | 3.3 LOW | N/A |
|
The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
|
|||||
| CVE-2014-3214 | 1 Isc | 1 Bind | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes.
|
|||||
| CVE-2014-6135 | 1 Ibm | 2 Security Appscan, Security Appscan Source | 2025-04-12 | 4.3 MEDIUM | N/A |
|
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
|
|||||
| CVE-2015-0730 | 1 Cisco | 1 Wide Area Application Services | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645.
|
|||||
| CVE-2015-7072 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2025-04-12 | 9.3 HIGH | N/A |
|
dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
|||||
| CVE-2014-2164 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2025-04-12 | 7.8 HIGH | N/A |
|
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCuj94651.
|
|||||
| CVE-2014-2855 | 1 Samba | 1 Rsync | 2025-04-12 | 7.8 HIGH | N/A |
|
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.
|
|||||
| CVE-2014-6368 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
|
|||||
| CVE-2014-4383 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.
|
|||||
| CVE-2015-2974 | 1 Lemon-s Php | 1 Gazou Bbs Plus | 2025-04-12 | 5.0 MEDIUM | N/A |
|
LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file.
|
|||||
| CVE-2016-4085 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet.
|
|||||
| CVE-2014-5460 | 1 Tribulant | 1 Tibulant Slideshow Gallery | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
|
|||||
| CVE-2016-6197 | 2 Linux, Oracle | 3 Linux Kernel, Linux, Vm Server | 2025-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
|
fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.
|
|||||