Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1484 | 1 Cisco | 1 Webex Meetings Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724. | |||||
CVE-2016-1746 | 1 Apple | 1 Mac Os X | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747. | |||||
CVE-2015-8879 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table. | |||||
CVE-2015-5091 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-02-28 | 7.8 HIGH | N/A |
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data. | |||||
CVE-2016-6411 | 1 Cisco | 1 Firesight System Software | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 mishandle comparisons between URLs and X.509 certificates, which allows remote attackers to bypass intended do-not-decrypt settings via a crafted URL, aka Bug ID CSCva50585. | |||||
CVE-2016-8579 | 1 Docker2aci Project | 1 Docker2aci | 2024-02-28 | 2.1 LOW | 4.0 MEDIUM |
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain. | |||||
CVE-2015-7072 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2024-02-28 | 9.3 HIGH | N/A |
dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2016-4421 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. | |||||
CVE-2016-6153 | 3 Fedoraproject, Opensuse, Sqlite | 3 Fedora, Leap, Sqlite | 2024-02-28 | 4.6 MEDIUM | 5.9 MEDIUM |
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. | |||||
CVE-2016-0132 | 1 Microsoft | 1 .net Framework | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass." | |||||
CVE-2015-2854 | 1 Blue Coat | 8 Ssl Visibility Appliance Sv1800, Ssl Visibility Appliance Sv1800 Firmware, Ssl Visibility Appliance Sv2800 and 5 more | 2024-02-28 | 4.3 MEDIUM | N/A |
The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element. | |||||
CVE-2016-2098 | 2 Debian, Rubyonrails | 3 Debian Linux, Rails, Ruby On Rails | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. | |||||
CVE-2015-3774 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.8 MEDIUM | N/A |
The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream. | |||||
CVE-2015-6783 | 1 Google | 2 Android, Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP archive. | |||||
CVE-2015-4604 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. | |||||
CVE-2015-8040 | 1 Samsung | 1 Smartviewer | 2024-02-28 | 6.8 MEDIUM | N/A |
The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value. | |||||
CVE-2016-6259 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 4.9 MEDIUM | 6.2 MEDIUM |
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | |||||
CVE-2015-6164 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 6.8 MEDIUM | N/A |
Microsoft Internet Explorer 9 through 11 improperly implements a cross-site scripting (XSS) protection mechanism, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, aka "Internet Explorer XSS Filter Bypass Vulnerability." | |||||
CVE-2015-2964 | 1 Namshi | 1 Namshi\/jose | 2024-02-28 | 5.0 MEDIUM | N/A |
NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens (JWT) header. | |||||
CVE-2015-8714 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. |