Total
9738 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4778 | 1 Ibm | 2 Endpoint Manager Family, License Metric Tool | 2024-02-28 | 4.3 MEDIUM | N/A |
| IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element. | |||||
| CVE-2016-5361 | 1 Libreswan | 1 Libreswan | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each. | |||||
| CVE-2015-0756 | 1 Cisco | 1 Wireless Lan Controller | 2024-02-28 | 6.1 MEDIUM | N/A |
| Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104. | |||||
| CVE-2016-0050 | 1 Microsoft | 2 Windows Server 2008, Windows Server 2012 | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS authentication outage) via crafted requests, aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability." | |||||
| CVE-2015-7993 | 1 Sap | 1 Hana | 2024-02-28 | 7.5 HIGH | N/A |
| The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397. | |||||
| CVE-2016-0756 | 1 Prosody | 1 Prosody | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix. | |||||
| CVE-2015-6563 | 2 Apple, Openbsd | 2 Mac Os X, Openssh | 2024-02-28 | 1.9 LOW | N/A |
| The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c. | |||||
| CVE-2015-1492 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-28 | 8.5 HIGH | N/A |
| Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. | |||||
| CVE-2016-0120 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
| The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." | |||||
| CVE-2016-5874 | 1 Siemens | 1 Simatic Net Pc-software | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. | |||||
| CVE-2016-0044 | 1 Microsoft | 3 Windows 8.1, Windows Rt 8.1, Windows Server 2012 | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability." | |||||
| CVE-2016-1444 | 1 Cisco | 2 Telepresence Video Communication Server, Telepresence Video Communication Server Software | 2024-02-28 | 5.8 MEDIUM | 6.5 MEDIUM |
| The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601. | |||||
| CVE-2016-4706 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. | |||||
| CVE-2015-6169 | 1 Microsoft | 1 Edge | 2024-02-28 | 4.3 MEDIUM | N/A |
| Microsoft Edge misparses HTTP responses, which allows remote attackers to redirect users to arbitrary web sites via unspecified vectors, aka "Microsoft Edge Spoofing Vulnerability." | |||||
| CVE-2015-4286 | 1 Cisco | 1 Unified Computing System Central Software | 2024-02-28 | 5.0 MEDIUM | N/A |
| The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. | |||||
| CVE-2015-5965 | 1 Fortinet | 1 Fortios | 2024-02-28 | 5.0 MEDIUM | N/A |
| The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field. | |||||
| CVE-2016-1464 | 1 Cisco | 1 Webex Wrf Player T29 | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. | |||||
| CVE-2016-6433 | 1 Cisco | 1 Firepower Management Center | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872. | |||||
| CVE-2015-3411 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files. | |||||
| CVE-2016-1351 | 1 Cisco | 2 Ios, Nx-os | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.1 and 15.2 and NX-OS 4.1 through 6.2 allows remote attackers to cause a denial of service (device reload) via a crafted header in a packet, aka Bug ID CSCuu64279. | |||||