Total
10891 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8160 | 6 Canonical, Debian, Linux and 3 more | 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. | |||||
| CVE-2016-6711 | 1 Google | 1 Android | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
| A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30593765. | |||||
| CVE-2015-2458 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
| ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2459 and CVE-2015-2461. | |||||
| CVE-2014-2179 | 1 Cisco | 7 Rv120w, Rv120w Firmware, Rv180 and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998. | |||||
| CVE-2016-4825 | 1 Welcart | 1 Welcart E-commerce | 2025-04-12 | 6.8 MEDIUM | 5.6 MEDIUM |
| The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data. | |||||
| CVE-2014-6230 | 1 Wp-ban Project | 1 Wp-ban | 2025-04-12 | 4.3 MEDIUM | N/A |
| WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header. | |||||
| CVE-2014-9030 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2025-04-12 | 7.1 HIGH | N/A |
| The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. | |||||
| CVE-2016-0801 | 2 Apple, Google | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2025-04-12 | 8.3 HIGH | 9.8 CRITICAL |
| The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029. | |||||
| CVE-2016-1479 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. | |||||
| CVE-2015-8227 | 1 Huawei | 2 Vp9660, Vp 9660 Firmware | 2025-04-12 | 8.5 HIGH | N/A |
| The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted message. | |||||
| CVE-2014-3890 | 1 Silex | 2 Sx-2000wg, Sx-2000wg Firmware | 2025-04-12 | 5.0 MEDIUM | N/A |
| silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via a crafted IP packet, a different vulnerability than CVE-2014-3889. | |||||
| CVE-2014-9864 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841. | |||||
| CVE-2016-4960 | 1 Nvidia | 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more | 2025-04-12 | 6.9 MEDIUM | 7.3 HIGH |
| For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege. | |||||
| CVE-2014-6135 | 1 Ibm | 2 Security Appscan, Security Appscan Source | 2025-04-12 | 4.3 MEDIUM | N/A |
| IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2014-4461 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 9.3 HIGH | N/A |
| The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | |||||
| CVE-2016-4974 | 1 Apache | 2 Amqp 0-x Jms Client, Jms Client Amqp | 2025-04-12 | 6.0 MEDIUM | 7.5 HIGH |
| Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function. | |||||
| CVE-2014-4397 | 1 Apple | 1 Mac Os X | 2025-04-12 | 6.9 MEDIUM | N/A |
| An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | |||||
| CVE-2016-4348 | 3 Debian, Gnome, Opensuse | 4 Debian Linux, Librsvg, Leap and 1 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. | |||||
| CVE-2014-1492 | 1 Mozilla | 1 Network Security Services | 2025-04-12 | 4.3 MEDIUM | N/A |
| The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate. | |||||
| CVE-2015-0636 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
| The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293. | |||||