Total
222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7928 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | N/A |
| hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy. | |||||
| CVE-2016-4477 | 1 Google | 1 Android | 2025-04-12 | 4.4 MEDIUM | 7.8 HIGH |
| wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command. | |||||
| CVE-2014-8822 | 1 Apple | 1 Mac Os X | 2025-04-12 | 10.0 HIGH | N/A |
| IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method. | |||||
| CVE-2016-3856 | 1 Google | 1 Android | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631. | |||||
| CVE-2016-7099 | 2 Nodejs, Suse | 2 Node.js, Linux Enterprise | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
| CVE-2014-9221 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. | |||||
| CVE-2015-0598 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 6.8 MEDIUM | N/A |
| The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. | |||||
| CVE-2014-9194 | 1 Arbiter | 1 1094b Gps Substation Clock | 2025-04-12 | 7.8 HIGH | N/A |
| Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts. | |||||
| CVE-2015-8672 | 1 Huawei | 5 Te30, Te40, Te50 and 2 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a wireless presentation. | |||||
| CVE-2014-3629 | 1 Apache | 1 Qpid | 2025-04-12 | 4.3 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. | |||||
| CVE-2016-5153 | 2 Google, Opensuse | 2 Chrome, Leap | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site. | |||||
| CVE-2016-4828 | 1 Welcart | 1 Welcart E-commerce | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. | |||||
| CVE-2015-2432 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | 9.3 HIGH | N/A |
| ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." | |||||
| CVE-2016-1274 | 1 Juniper | 6 Junos, Qfx10000, Qfx3500 and 3 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Juniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches allows remote attackers to cause a denial of service (PFE panic) via a high rate of unspecified VXLAN packets. | |||||
| CVE-2015-3763 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.3 MEDIUM | N/A |
| Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. | |||||
| CVE-2015-0060 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 4.7 MEDIUM | N/A |
| The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability." | |||||
| CVE-2015-5363 | 1 Juniper | 14 Junos, Srx100, Srx110 and 11 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial of service (crash) via a crafted DNS response. | |||||
| CVE-2014-3756 | 1 Mumble | 1 Mumble | 2025-04-12 | 5.0 MEDIUM | N/A |
| The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip. | |||||
| CVE-2015-1574 | 1 Google | 1 Email | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service (persistent application crash) via a "Content-Disposition: ;" header in an e-mail message. | |||||
| CVE-2014-8817 | 1 Apple | 1 Mac Os X | 2025-04-12 | 10.0 HIGH | N/A |
| coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command. | |||||