Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7545 | 4 Canonical, Git Project, Opensuse and 1 more | 4 Ubuntu Linux, Git, Opensuse and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. | |||||
CVE-2015-2412 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
CVE-2015-6334 | 1 Cisco | 1 Asr 5000 Software | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984. | |||||
CVE-2015-6821 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 7.5 HIGH | N/A |
The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data. | |||||
CVE-2015-4316 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2024-02-28 | 5.5 MEDIUM | N/A |
The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, which allows remote authenticated users to conduct impersonation attacks via a crafted registration, aka Bug ID CSCuv40396. | |||||
CVE-2016-4498 | 1 Panasonic | 1 Fpwin Pro | 2024-02-28 | 6.8 MEDIUM | 5.5 MEDIUM |
Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2015-5945 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.2 HIGH | N/A |
The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters. | |||||
CVE-2015-8716 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2016-2526 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | |||||
CVE-2016-3000 | 1 Ibm | 1 Connections | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL. | |||||
CVE-2016-8278 | 1 Huawei | 3 Usg9520, Usg9560, Usg9580 | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL. | |||||
CVE-2016-2844 | 1 Google | 1 Chrome | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code. | |||||
CVE-2016-1983 | 1 Privoxy | 1 Privoxy | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. | |||||
CVE-2016-1284 | 1 Isc | 1 Bind | 2024-02-28 | 2.6 LOW | 5.9 MEDIUM |
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query. | |||||
CVE-2015-5235 | 3 Fedoraproject, Opensuse, Redhat | 7 Fedora, Opensuse, Enterprise Linux Desktop and 4 more | 2024-02-28 | 4.3 MEDIUM | N/A |
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. | |||||
CVE-2015-6318 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2024-02-28 | 6.9 MEDIUM | N/A |
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969. | |||||
CVE-2016-2088 | 1 Isc | 1 Bind | 2024-02-28 | 4.3 MEDIUM | 6.8 MEDIUM |
resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. | |||||
CVE-2015-6248 | 2 Oracle, Wireshark | 3 Linux, Solaris, Wireshark | 2024-02-28 | 4.3 MEDIUM | N/A |
The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2015-8227 | 1 Huawei | 2 Vp9660, Vp 9660 Firmware | 2024-02-28 | 8.5 HIGH | N/A |
The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted message. | |||||
CVE-2016-6512 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors. |