Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3262 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782.
|
|||||
| CVE-2011-4407 | 1 Canonical | 2 Software-properties, Ubuntu Linux | 2025-04-12 | 4.3 MEDIUM | N/A |
|
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.
|
|||||
| CVE-2014-3268 | 1 Cisco | 2 Ios, Unified Border Element | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service (input-queue consumption and traffic-processing outage) via crafted RTCP packets, aka Bug ID CSCuj72215.
|
|||||
| CVE-2016-8818 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
All versions of NVIDIA Windows GPU Display contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges.
|
|||||
| CVE-2015-6385 | 1 Cisco | 1 Ios | 2025-04-12 | 7.2 HIGH | N/A |
|
The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access to enter crafted environment variables, aka Bug ID CSCux14943.
|
|||||
| CVE-2015-6365 | 1 Cisco | 1 Ios | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303.
|
|||||
| CVE-2016-1244 | 2 Debian, Unadf Project | 2 Debian Linux, Unadf | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
|
The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.
|
|||||
| CVE-2014-3291 | 1 Cisco | 1 Wireless Lan Controller | 2025-04-12 | 5.7 MEDIUM | N/A |
|
Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321.
|
|||||
| CVE-2016-5024 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic.
|
|||||
| CVE-2015-0620 | 1 Cisco | 1 Telepresence Management Suite | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494.
|
|||||
| CVE-2016-5418 | 3 Libarchive, Oracle, Redhat | 10 Libarchive, Linux, Enterprise Linux Desktop and 7 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
|
|||||
| CVE-2014-9410 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.2 HIGH | 9.8 CRITICAL |
|
The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.
|
|||||
| CVE-2016-6399 | 1 Cisco | 9 Ace 4700 Series Application Control Engine Appliance, Ace 4700 Series Application Control Engine Appliance A1, Ace 4700 Series Application Control Engine Appliance A3 and 6 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317.
|
|||||
| CVE-2014-4465 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2025-04-12 | 5.0 MEDIUM | N/A |
|
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.
|
|||||
| CVE-2016-2850 | 2 Botan Project, Fedoraproject | 2 Botan, Fedora | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
|
|||||
| CVE-2015-6563 | 2 Apple, Openbsd | 2 Mac Os X, Openssh | 2025-04-12 | 1.9 LOW | N/A |
|
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
|
|||||
| CVE-2016-4438 | 1 Apache | 1 Struts | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
|
|||||
| CVE-2016-1336 | 1 Cisco | 2 Epc3928, Epc3928 Firmware | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of Service" issue, aka Bug ID CSCuy28100.
|
|||||
| CVE-2014-7817 | 4 Canonical, Debian, Gnu and 1 more | 4 Ubuntu Linux, Debian Linux, Glibc and 1 more | 2025-04-12 | 4.6 MEDIUM | N/A |
|
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
|
|||||
| CVE-2016-5879 | 1 Ibm | 3 Mq Appliance Firmware, Mq Appliance M2000, Mq Appliance M2001 | 2025-04-12 | 4.6 MEDIUM | 8.8 HIGH |
|
MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command.
|
|||||
| CVE-2014-4126 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
|||||
| CVE-2016-3069 | 6 Debian, Fedoraproject, Mercurial and 3 more | 14 Debian Linux, Fedora, Mercurial and 11 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
|
|||||
| CVE-2014-3137 | 1 Bottlepy | 1 Bottle | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.
|
|||||
| CVE-2015-8727 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
|
|||||
| CVE-2016-1707 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.
|
|||||
| CVE-2015-5091 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | 7.8 HIGH | N/A |
|
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data.
|
|||||
| CVE-2015-2977 | 1 Webservice-dic | 1 Yoyaku | 2025-04-12 | 7.5 HIGH | N/A |
|
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.
|
|||||
| CVE-2015-3318 | 5 Ca, Hp, Ibm and 2 more | 10 Client Automation, Network And Systems Management, Nsm Job Management Option and 7 more | 2025-04-12 | 4.6 MEDIUM | N/A |
|
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job Management Agent; CA Virtual Assurance for Infrastructure Managers (aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not properly validate an unspecified variable, which allows local users to gain privileges via unkn ...
Show More |
|||||
| CVE-2015-2341 | 1 Vmware | 3 Fusion, Player, Workstation | 2025-04-12 | 7.8 HIGH | N/A |
|
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command.
|
|||||
| CVE-2015-0584 | 1 Cisco | 1 Desktop Collaboration Experience Dx650 | 2025-04-12 | 7.2 HIGH | N/A |
|
The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947.
|
|||||
| CVE-2016-1800 | 1 Apple | 1 Mac Os X | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
|
Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2014-8789 | 1 Gleamtech | 1 Filevista | 2025-04-12 | 6.5 MEDIUM | N/A |
|
GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction.
|
|||||
| CVE-2015-6300 | 1 Cisco | 1 Secure Access Control Server | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694.
|
|||||
| CVE-2013-7236 | 1 Simplemachines | 1 Simple Machines Forum | 2025-04-12 | 7.5 HIGH | N/A |
|
Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username.
|
|||||
| CVE-2014-1369 | 1 Apple | 1 Safari | 2025-04-12 | 4.3 MEDIUM | N/A |
|
WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site.
|
|||||
| CVE-2016-3763 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | 3.3 LOW |
|
net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, aka internal bug 27593919.
|
|||||
| CVE-2014-3378 | 1 Cisco | 1 Ios Xr | 2025-04-12 | 5.0 MEDIUM | N/A |
|
tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468.
|
|||||
| CVE-2014-4971 | 1 Microsoft | 1 Windows Xp | 2025-04-12 | 7.2 HIGH | N/A |
|
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
|
|||||
| CVE-2015-0638 | 1 Cisco | 1 Ios | 2025-04-12 | 7.1 HIGH | N/A |
|
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.
|
|||||
| CVE-2016-1747 | 1 Apple | 1 Mac Os X | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1746.
|
|||||