Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-1942 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2024-02-28 | 9.3 HIGH | N/A |
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to write to arbitrary files, and subsequently execute these files, via a crafted TCP packet to an unspecified port. | |||||
CVE-2016-1661 | 3 Google, Opensuse, Redhat | 6 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 3 more | 2024-02-28 | 8.3 HIGH | 8.0 HIGH |
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp. | |||||
CVE-2016-4518 | 1 Osisoft | 1 Pi Af Server 2016 | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. | |||||
CVE-2016-0889 | 1 Dell | 1 Emc Unisphere | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname. | |||||
CVE-2016-2562 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 5.8 MEDIUM | 6.8 MEDIUM |
The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-2776 | 3 Hp, Isc, Oracle | 5 Hp-ux, Bind, Linux and 2 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | |||||
CVE-2015-1980 | 1 Ibm | 1 Infosphere Master Data Management | 2024-02-28 | 3.5 LOW | N/A |
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | |||||
CVE-2015-7047 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed. | |||||
CVE-2015-7416 | 2 Ibm, Microsoft | 2 I Access, Windows | 2024-02-28 | 2.1 LOW | 4.0 MEDIUM |
AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file. | |||||
CVE-2016-4852 | 2 Aki-null, Apple | 2 Yorufukurou, Mac Os X | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-tone modifiers even though this support is missing from the CoreText CTFramesetter API on OS X 10.9, which allows remote attackers to cause a denial of service (application crash) via a crafted emoji character sequence. | |||||
CVE-2016-0913 | 1 Emc | 2 Networker Module For Microsoft Applications, Replication Manager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share. | |||||
CVE-2016-3743 | 1 Google | 1 Android | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656. | |||||
CVE-2015-7558 | 2 Debian, Gnome | 2 Debian Linux, Librsvg | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. | |||||
CVE-2015-8742 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. | |||||
CVE-2015-7231 | 1 Drupalcommerce | 1 Commerce Commonwealth | 2024-02-28 | 5.0 MEDIUM | N/A |
The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb." | |||||
CVE-2016-6694 | 1 Google | 1 Android | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via crafted parameter data, aka Qualcomm internal bug CR 1033525. | |||||
CVE-2015-8360 | 1 Atlassian | 1 Bamboo | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. | |||||
CVE-2015-3966 | 1 Innominate | 1 Mguard Firmware | 2024-02-28 | 4.0 MEDIUM | N/A |
The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression. | |||||
CVE-2016-3678 | 1 Huawei | 10 S5300, S5300 Firmware, S5700 and 7 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. | |||||
CVE-2015-8721 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet with zlib compression. |