Total
10253 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4518 | 1 Osisoft | 1 Pi Af Server 2016 | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. | |||||
| CVE-2015-0661 | 1 Cisco | 1 Ios Xr | 2025-04-12 | 4.0 MEDIUM | N/A |
| The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. | |||||
| CVE-2016-1268 | 1 Juniper | 1 Screenos | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet. | |||||
| CVE-2016-3230 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2025-04-12 | 1.9 LOW | 5.0 MEDIUM |
| The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka "Windows Search Component Denial of Service Vulnerability." | |||||
| CVE-2015-1105 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 5.0 MEDIUM | N/A |
| The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets. | |||||
| CVE-2014-0633 | 1 Emc | 1 Vplex Geosynchrony | 2025-04-12 | 7.7 HIGH | N/A |
| The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | |||||
| CVE-2015-3411 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. | |||||
| CVE-2015-6790 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | N/A |
| The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string. | |||||
| CVE-2012-3062 | 1 Cisco | 1 Ios | 2025-04-12 | 5.7 MEDIUM | N/A |
| Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193. | |||||
| CVE-2016-0118 | 1 Microsoft | 1 Windows 10 | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows Remote Code Execution Vulnerability." | |||||
| CVE-2016-1430 | 1 Cisco | 4 Rv180 Vpn Router, Rv180 Vpn Router Firmware, Rv180w Vpn Router and 1 more | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592. | |||||
| CVE-2016-5009 | 1 Redhat | 7 Ceph, Ceph Storage Mon, Ceph Storage Osd and 4 more | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. | |||||
| CVE-2015-5780 | 1 Apple | 1 Safari | 2025-04-12 | 10.0 HIGH | N/A |
| The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors. | |||||
| CVE-2015-2752 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | 4.9 MEDIUM | N/A |
| The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). | |||||
| CVE-2015-0759 | 1 Cisco | 1 Headend Digital Broadband Delivery System | 2025-04-12 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2016-3228 | 1 Microsoft | 2 Windows Server 2008, Windows Server 2012 | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon Memory Corruption Remote Code Execution Vulnerability." | |||||
| CVE-2014-4149 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 9.3 HIGH | N/A |
| Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability." | |||||
| CVE-2016-1351 | 1 Cisco | 2 Ios, Nx-os | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279. | |||||
| CVE-2015-4286 | 1 Cisco | 1 Unified Computing System Central Software | 2025-04-12 | 5.0 MEDIUM | N/A |
| The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. | |||||
| CVE-2014-3262 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782. | |||||