Total
10423 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2182 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 6.1 MEDIUM | N/A |
| Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun45520. | |||||
| CVE-2015-5589 | 1 Php | 1 Php | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call. | |||||
| CVE-2016-1409 | 1 Cisco | 4 Ios, Ios Xe, Ios Xr and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016. | |||||
| CVE-2014-1271 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 7.8 HIGH | N/A |
| CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app. | |||||
| CVE-2014-2286 | 2 Digium, Fedoraproject | 3 Asterisk, Certified Asterisk, Fedora | 2025-04-12 | 7.5 HIGH | N/A |
| main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers. | |||||
| CVE-2014-1991 | 1 Intra-mart | 1 Webplatform\/appframework | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in WebPlatform / AppFramework 6.0 through 7.2 in NTT DATA INTRAMART intra-mart allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2011-4953 | 1 Cobbler Project | 1 Cobbler | 2025-04-12 | 6.8 MEDIUM | N/A |
| The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet. | |||||
| CVE-2014-2281 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | N/A |
| The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet. | |||||
| CVE-2014-2739 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.6 MEDIUM | N/A |
| The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic. | |||||
| CVE-2014-3338 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 8.5 HIGH | N/A |
| The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491. | |||||
| CVE-2012-6619 | 1 Mongodb | 1 Mongodb | 2025-04-12 | 6.4 MEDIUM | N/A |
| The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read. | |||||
| CVE-2015-7931 | 1 Adcon | 1 A840 Telemetry Gateway Base Station Firmware | 2025-04-12 | 5.8 MEDIUM | 8.7 HIGH |
| The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. | |||||
| CVE-2014-1874 | 3 Canonical, Linux, Suse | 3 Ubuntu Linux, Linux Kernel, Linux Enterprise Server | 2025-04-12 | 4.9 MEDIUM | N/A |
| The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context. | |||||
| CVE-2014-3310 | 1 Cisco | 2 Webex Meeting Center, Webex Meetings Server | 2025-04-12 | 4.3 MEDIUM | N/A |
| The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. | |||||
| CVE-2015-2464 | 1 Microsoft | 15 .net Framework, Live Meeting, Lync and 12 more | 2025-04-12 | 9.3 HIGH | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463. | |||||
| CVE-2014-0244 | 1 Samba | 1 Samba | 2025-04-12 | 3.3 LOW | N/A |
| The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. | |||||
| CVE-2015-7519 | 1 Phusionpassenger | 1 Phusion Passenger | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header. | |||||
| CVE-2013-0740 | 1 Dell | 1 Openmanage Server Administrator | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Dell OpenManage Server Administrator (OMSA) before 7.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter to HelpViewer. | |||||
| CVE-2014-4388 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418. | |||||
| CVE-2016-1291 | 2 Cisco, Sun | 3 Evolved Programmable Network Manager, Prime Infrastructure, Opensolaris | 2025-04-12 | 9.3 HIGH | 9.8 CRITICAL |
| Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192. | |||||