Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1997 | 1 Hp | 2 Operations Orchestration, Operations Orchestration Content | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
|
|||||
| CVE-2014-3955 | 1 Freebsd | 1 Freebsd | 2025-04-12 | 5.0 MEDIUM | N/A |
|
routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RIP request from a source not on a directly connected network.
|
|||||
| CVE-2014-2554 | 2 Opensuse, Otrs | 2 Opensuse, Otrs | 2025-04-12 | 4.3 MEDIUM | N/A |
|
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.
|
|||||
| CVE-2014-0684 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2025-04-12 | 4.6 MEDIUM | N/A |
|
Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.
|
|||||
| CVE-2014-3710 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
|
|||||
| CVE-2016-9156 | 1 Siemens | 1 Sicam Pas\/pqs | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.
|
|||||
| CVE-2016-1338 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 8.0 HIGH | 6.5 MEDIUM |
|
Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026.
|
|||||
| CVE-2015-7994 | 1 Sap | 1 Hana | 2025-04-12 | 7.5 HIGH | N/A |
|
The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428.
|
|||||
| CVE-2015-4197 | 1 Cisco | 3 Nexus 7000, Nexus 7700, Nx-os | 2025-04-12 | 6.1 MEDIUM | N/A |
|
Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415.
|
|||||
| CVE-2016-0121 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
|
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
|
|||||
| CVE-2015-8731 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
|
|||||
| CVE-2014-4611 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.
|
|||||
| CVE-2016-6259 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-12 | 4.9 MEDIUM | 6.2 MEDIUM |
|
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
|
|||||
| CVE-2016-1391 | 1 Cisco | 2 Prime Network Analysis Module Software, Prime Virtual Network Analysis Module Software | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889.
|
|||||
| CVE-2015-0293 | 1 Openssl | 1 Openssl | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.
|
|||||
| CVE-2014-3343 | 1 Cisco | 1 Ios Xr | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.
|
|||||
| CVE-2016-5340 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.
|
|||||
| CVE-2012-3062 | 1 Cisco | 1 Ios | 2025-04-12 | 5.7 MEDIUM | N/A |
|
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.
|
|||||
| CVE-2016-1660 | 3 Google, Opensuse, Redhat | 6 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 3 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site.
|
|||||
| CVE-2014-3095 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2025-04-12 | 3.5 LOW | N/A |
|
The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.
|
|||||
| CVE-2012-1366 | 1 Cisco | 10 Asr 1001, Asr 1002, Asr 1002-x and 7 more | 2025-04-12 | 6.1 MEDIUM | N/A |
|
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.
|
|||||
| CVE-2016-2390 | 1 Squid-cache | 1 Squid | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.
|
|||||
| CVE-2014-2513 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | 8.2 HIGH | N/A |
|
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script.
|
|||||
| CVE-2016-3750 | 1 Google | 1 Android | 2025-04-12 | 7.5 HIGH | 7.8 HIGH |
|
libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application, aka internal bug 28395952.
|
|||||
| CVE-2022-39012 | 1 Huawei | 2 Aslan-al10, Aslan-al10 Firmware | 2025-04-11 | N/A | 7.5 HIGH |
|
Huawei Aslan Children's Watch has an improper input validation vulnerability. Successful exploitation may cause the watch's application service abnormal.
|
|||||
| CVE-2020-36564 | 1 Nosurf Project | 1 Nosurf | 2025-04-11 | N/A | 7.5 HIGH |
|
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.
|
|||||
| CVE-2024-20334 | 1 Cisco | 1 Telepresence Management Suite | 2025-04-11 | N/A | 5.5 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute a ...
Show More |
|||||
| CVE-2021-30501 | 3 Fedoraproject, Redhat, Upx | 3 Fedora, Enterprise Linux, Upx | 2025-04-11 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.
|
|||||
| CVE-2013-5550 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 4.6 MEDIUM | N/A |
|
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549.
|
|||||
| CVE-2013-6170 | 1 Juniper | 1 Junos | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote attackers to cause a denial of service (RPD routing daemon crash) via a large number of crafted PIM (S,G) join requests.
|
|||||
| CVE-2012-6044 | 1 Mjsware | 1 M-player | 2025-04-11 | 4.3 MEDIUM | N/A |
|
M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file.
|
|||||
| CVE-2010-1586 | 1 Hp | 1 System Management Homepage | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.
|
|||||
| CVE-2012-5807 | 2 Lincolnloop, Zen-cart | 2 Authorize.net Echeck Module, Zen Cart | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
|
|||||
| CVE-2010-3788 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-04-11 | 6.8 MEDIUM | N/A |
|
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.
|
|||||
| CVE-2010-3616 | 1 Isc | 1 Dhcp | 2025-04-11 | 5.0 MEDIUM | N/A |
|
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.
|
|||||
| CVE-2013-1013 | 1 Apple | 1 Safari | 2025-04-11 | 4.3 MEDIUM | N/A |
|
XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors.
|
|||||
| CVE-2013-4673 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt.
|
|||||
| CVE-2013-2078 | 1 Xen | 1 Xen | 2025-04-11 | 4.7 MEDIUM | N/A |
|
Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.
|
|||||
| CVE-2011-4015 | 1 Cisco | 1 Ios | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Cisco IOS 15.2S allows remote attackers to cause a denial of service (interface queue wedge) via malformed UDP traffic on port 465, aka Bug ID CSCts48300.
|
|||||
| CVE-2012-0838 | 1 Apache | 1 Struts | 2025-04-11 | 10.0 HIGH | N/A |
|
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
|
|||||