Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3755 | 1 Google | 1 Android | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28470138. | |||||
CVE-2016-0754 | 2 Haxx, Microsoft | 2 Curl, Windows | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. | |||||
CVE-2015-8739 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet. | |||||
CVE-2015-8760 | 1 Typo3 | 1 Typo3 | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing." | |||||
CVE-2015-8722 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. | |||||
CVE-2015-8720 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2015-8552 | 4 Canonical, Debian, Novell and 1 more | 5 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Debuginfo and 2 more | 2024-02-28 | 1.7 LOW | 4.4 MEDIUM |
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks." | |||||
CVE-2016-1336 | 1 Cisco | 2 Epc3928, Epc3928 Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of Service" issue, aka Bug ID CSCuy28100. | |||||
CVE-2016-1008 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-02-28 | 7.2 HIGH | 8.4 HIGH |
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2015-8732 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the Total Profile Number field, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | |||||
CVE-2015-4992 | 1 Ibm | 1 Sterling B2b Integrator | 2024-02-28 | 3.5 LOW | N/A |
IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | |||||
CVE-2015-7835 | 1 Xen | 1 Xen | 2024-02-28 | 7.2 HIGH | N/A |
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. | |||||
CVE-2015-2458 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-02-28 | 9.3 HIGH | N/A |
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2459 and CVE-2015-2461. | |||||
CVE-2016-4590 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2024-02-28 | 4.3 MEDIUM | 5.4 MEDIUM |
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
CVE-2016-2486 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27793371. | |||||
CVE-2016-3980 | 1 Sap | 1 Application Server Java | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547. | |||||
CVE-2015-8727 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet. | |||||
CVE-2016-1338 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2024-02-28 | 8.0 HIGH | 6.5 MEDIUM |
Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. | |||||
CVE-2015-6863 | 1 Hp | 1 Arcsight Logger | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | |||||
CVE-2015-5765 | 1 Apple | 2 Iphone Os, Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. |