Total: 9738 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4497 | 1 Panasonic | 1 Fpwin Pro | 2024-02-28 | 6.8 MEDIUM | 4.2 MEDIUM |
Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||||
CVE-2016-0801 | 2 Apple, Google | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2024-02-28 | 8.3 HIGH | 9.8 CRITICAL |
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029. | |||||
CVE-2015-8737 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | |||||
CVE-2015-5722 | 2 Apple, Isc | 2 Mac Os X Server, Bind | 2024-02-28 | 7.8 HIGH | N/A |
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. | |||||
CVE-2015-2951 | 1 F21 | 1 Jwt | 2024-02-28 | 5.0 MEDIUM | N/A |
JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens. | |||||
CVE-2015-2459 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-02-28 | 9.3 HIGH | N/A |
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2461. | |||||
CVE-2015-6172 | 1 Microsoft | 3 Office, Office Compatibility Pack, Word | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability." | |||||
CVE-2015-3234 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-02-28 | 4.3 MEDIUM | N/A |
The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers. | |||||
CVE-2016-4165 | 1 Adobe | 1 Brackets | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input. | |||||
CVE-2015-6987 | 1 Apple | 1 Mac Os X | 2024-02-28 | 2.1 LOW | N/A |
The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder. | |||||
CVE-2015-6247 | 2 Oracle, Wireshark | 2 Solaris, Wireshark | 2024-02-28 | 4.3 MEDIUM | N/A |
The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
CVE-2016-1345 | 1 Cisco | 2 Asa With Firepower Services, Firesight System Software | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726. | |||||
CVE-2015-8704 | 1 Isc | 1 Bind | 2024-02-28 | 6.8 MEDIUM | 6.5 MEDIUM |
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. | |||||
CVE-2015-8731 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | |||||
CVE-2015-7931 | 1 Adcon | 1 A840 Telemetry Gateway Base Station Firmware | 2024-02-28 | 5.8 MEDIUM | 8.7 HIGH |
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. | |||||
CVE-2015-8923 | 3 Canonical, Libarchive, Novell | 5 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 2 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. | |||||
CVE-2015-8946 | 2 Canonical, Ecryptfs | 2 Ubuntu Linux, Ecryptfs-utils | 2024-02-28 | 2.1 LOW | 3.3 LOW |
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2015-7374 | 1 Indusoft | 1 Web Studio | 2024-02-28 | 7.5 HIGH | N/A |
The Remote Agent component in Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-2649. | |||||
CVE-2016-5141 | 1 Google | 1 Chrome | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp. | |||||
CVE-2016-4324 | 3 Canonical, Debian, Libreoffice | 3 Ubuntu Linux, Debian Linux, Libreoffice | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. | |||||