Total
10886 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2775 | 4 Fedoraproject, Hp, Isc and 1 more | 9 Fedora, Hp-ux, Bind and 6 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | |||||
| CVE-2015-7337 | 2 Ipython, Jupyter | 2 Notebook, Notebook | 2025-04-12 | 6.8 MEDIUM | N/A |
| The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types. | |||||
| CVE-2015-6365 | 1 Cisco | 1 Ios | 2025-04-12 | 4.0 MEDIUM | N/A |
| Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportunistic circumstances by using PPP, aka Bug ID CSCur61303. | |||||
| CVE-2016-1661 | 3 Google, Opensuse, Redhat | 6 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 3 more | 2025-04-12 | 8.3 HIGH | 8.0 HIGH |
| Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp. | |||||
| CVE-2014-2127 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 8.5 HIGH | N/A |
| Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099. | |||||
| CVE-2016-0101 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability." | |||||
| CVE-2016-8740 | 1 Apache | 1 Http Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. | |||||
| CVE-2016-1660 | 3 Google, Opensuse, Redhat | 6 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 3 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site. | |||||
| CVE-2011-4407 | 1 Canonical | 2 Software-properties, Ubuntu Linux | 2025-04-12 | 4.3 MEDIUM | N/A |
| ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository. | |||||
| CVE-2016-1733 | 1 Apple | 1 Mac Os X | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2015-7835 | 1 Xen | 1 Xen | 2025-04-12 | 7.2 HIGH | N/A |
| The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. | |||||
| CVE-2016-1288 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840. | |||||
| CVE-2015-5685 | 1 Bittorrent | 1 Bootstrap-dht | 2025-04-12 | 7.5 HIGH | N/A |
| The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing." | |||||
| CVE-2016-6405 | 1 Cisco | 1 Fog Director | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368. | |||||
| CVE-2011-3195 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | 6.5 MEDIUM | N/A |
| shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options. | |||||
| CVE-2016-0381 | 1 Ibm | 1 Cognos Tm1 | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty value. | |||||
| CVE-2014-0921 | 1 Ibm | 2 Messagesight, Messagesight Jms Client | 2025-04-12 | 4.3 MEDIUM | N/A |
| The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon crash and message data loss) via malformed headers during a WebSockets connection upgrade. | |||||
| CVE-2016-2839 | 3 Ffmpeg, Linux, Mozilla | 3 Ffmpeg, Linux Kernel, Firefox | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video. | |||||
| CVE-2014-1896 | 1 Xen | 1 Xen | 2025-04-12 | 4.9 MEDIUM | N/A |
| The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring." | |||||
| CVE-2016-6630 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||