Total: 9738 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8019 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call. | |||||
CVE-2016-1800 | 1 Apple | 1 Mac Os X | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2015-3837 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | N/A |
The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603. | |||||
CVE-2015-3726 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.6 MEDIUM | N/A |
The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. | |||||
CVE-2016-6178 | 1 Huawei | 10 Cloudengine 12800, Cloudengine 12800 Firmware, Cx600 and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine devices 12800 with software before V100R003SPH010 and V100R005 before V100R005SPH006 allow remote attackers with control plane access to cause a denial of service or execute arbitrary code via a crafted packet. | |||||
CVE-2015-0850 | 1 Fusionforge | 1 Fusionforge | 2024-02-28 | 10.0 HIGH | N/A |
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository. | |||||
CVE-2016-2495 | 1 Google | 1 Android | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789. | |||||
CVE-2016-7965 | 1 Dokuwiki | 1 Dokuwiki | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server). | |||||
CVE-2015-0717 | 1 Cisco | 1 Unified Communications Manager | 2024-02-28 | 6.9 MEDIUM | N/A |
Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. | |||||
CVE-2015-5311 | 1 Powerdns | 1 Authoritative | 2024-02-28 | 5.0 MEDIUM | N/A |
PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets. | |||||
CVE-2016-1450 | 1 Cisco | 1 Webex Meetings Server | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715. | |||||
CVE-2016-6128 | 5 Canonical, Debian, Libgd and 2 more | 5 Ubuntu Linux, Debian Linux, Libgd and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. | |||||
CVE-2015-8736 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. | |||||
CVE-2016-1463 | 1 Cisco | 1 Firesight System Software | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737. | |||||
CVE-2016-1472 | 1 Cisco | 1 Small Business 220 Series Smart Plus Switches | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request, aka Bug ID CSCuz76238. | |||||
CVE-2015-7079 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 9.3 HIGH | N/A |
dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2015-8899 | 2 Canonical, Thekelleys | 2 Ubuntu Linux, Dnsmasq | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. | |||||
CVE-2016-1288 | 1 Cisco | 1 Web Security Appliance | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by leveraging certain intranet connectivity and sending a malformed HTTPS request, aka Bug ID CSCuu24840. | |||||
CVE-2015-0760 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-02-28 | 4.0 MEDIUM | N/A |
The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259. | |||||
CVE-2016-1752 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 7.1 HIGH | 5.5 MEDIUM |
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app. |