Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3093 | 2 Apache, Ognl Project | 2 Struts, Ognl | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. | |||||
CVE-2016-0118 | 1 Microsoft | 1 Windows 10 | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows Remote Code Execution Vulnerability." | |||||
CVE-2016-3092 | 4 Apache, Canonical, Debian and 1 more | 6 Commons Fileupload, Tomcat, Ubuntu Linux and 3 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. | |||||
CVE-2015-6245 | 2 Oracle, Wireshark | 3 Linux, Solaris, Wireshark | 2024-02-28 | 4.3 MEDIUM | N/A |
epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
CVE-2015-2416 | 1 Microsoft | 9 Windows 2003 Server, Windows 7, Windows 8 and 6 more | 2024-02-28 | 5.0 MEDIUM | N/A |
OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via crafted input, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "OLE Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2417. | |||||
CVE-2015-5144 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator. | |||||
CVE-2015-3760 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.2 HIGH | N/A |
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2015-8373 | 1 Isc | 1 Kea | 2024-02-28 | 7.1 HIGH | 6.8 MEDIUM |
The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet. | |||||
CVE-2016-1182 | 1 Apache | 1 Struts | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. | |||||
CVE-2015-7337 | 2 Ipython, Jupyter | 2 Notebook, Notebook | 2024-02-28 | 6.8 MEDIUM | N/A |
The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types. | |||||
CVE-2016-1370 | 1 Cisco | 2 Network Analysis Module, Network Analysis Module Software | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) miscalculates IPv6 payload lengths, which allows remote attackers to cause a denial of service (mond process crash and monitoring outage) via crafted IPv6 packets, aka Bug ID CSCuy37324. | |||||
CVE-2016-0005 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
CVE-2016-5879 | 1 Ibm | 3 Mq Appliance Firmware, Mq Appliance M2000, Mq Appliance M2001 | 2024-02-28 | 4.6 MEDIUM | 8.8 HIGH |
MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command. | |||||
CVE-2015-5208 | 1 Apache | 1 Cordova | 2024-02-28 | 4.3 MEDIUM | 4.4 MEDIUM |
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link. | |||||
CVE-2015-6244 | 2 Oracle, Wireshark | 3 Linux, Solaris, Wireshark | 2024-02-28 | 4.3 MEDIUM | N/A |
The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2015-5044 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 3.3 LOW | N/A |
The Flow Collector in IBM Security QRadar QFLOW 7.1.x before 7.1 MR2 Patch 11 IF3 and 7.2.x before 7.2.5 Patch 4 IF3 allows remote attackers to cause a denial of service via unspecified packets. | |||||
CVE-2016-1479 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. | |||||
CVE-2015-4499 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 7.5 HIGH | N/A |
Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address. | |||||
CVE-2016-1541 | 1 Libarchive | 1 Libarchive | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. | |||||
CVE-2015-7749 | 1 Juniper | 1 Junos | 2024-02-28 | 7.8 HIGH | N/A |
The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS." |