Total
9737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0747 | 1 Cisco | 3 Headend Digital Broadband Delivery System, Headend System Release, Videoscape Conductor | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408. | |||||
| CVE-2015-4648 | 1 Panasonic | 1 Security Api Activex Sdk | 2024-02-28 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method. | |||||
| CVE-2015-3330 | 4 Apple, Oracle, Php and 1 more | 11 Mac Os X, Linux, Solaris and 8 more | 2024-02-28 | 6.8 MEDIUM | N/A |
| The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." | |||||
| CVE-2015-6824 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2024-02-28 | 7.5 HIGH | N/A |
| The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data. | |||||
| CVE-2015-6300 | 1 Cisco | 1 Secure Access Control Server | 2024-02-28 | 4.0 MEDIUM | N/A |
| Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694. | |||||
| CVE-2016-2201 | 1 Siemens | 15 Simatic S7-1500 Cpu Firmware, Simatic S7-1511-1 Pn Cpu, Simatic S7-1511c-1 Pn Cpu and 12 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to bypass a replay protection mechanism via packets on TCP port 102. | |||||
| CVE-2015-0770 | 1 Cisco | 1 Telepresence Tc Software | 2024-02-28 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341. | |||||
| CVE-2015-8219 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 7.5 HIGH | N/A |
| The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. | |||||
| CVE-2015-3787 | 1 Apple | 1 Mac Os X | 2024-02-28 | 3.3 LOW | N/A |
| The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets. | |||||
| CVE-2015-5296 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2024-02-28 | 4.3 MEDIUM | 5.4 MEDIUM |
| Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. | |||||
| CVE-2016-6356 | 1 Cisco | 1 Email Security Appliance | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. | |||||
| CVE-2015-6849 | 1 Emc | 1 Networker | 2024-02-28 | 7.8 HIGH | N/A |
| EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages. | |||||
| CVE-2015-2472 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-02-28 | 4.3 MEDIUM | N/A |
| Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify certificates, which allows man-in-the-middle attackers to spoof clients via a crafted certificate with valid Issuer and Serial Number fields, aka "Remote Desktop Session Host Spoofing Vulnerability." | |||||
| CVE-2016-2524 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-1660 | 3 Google, Opensuse, Redhat | 6 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 3 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted web site. | |||||
| CVE-2016-3185 | 1 Php | 1 Php | 2024-02-28 | 6.4 MEDIUM | 7.1 HIGH |
| The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c. | |||||
| CVE-2016-4049 | 2 Opensuse, Quagga | 3 Leap, Opensuse, Quagga | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and daemon crash) via a large BGP packet. | |||||
| CVE-2015-4652 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-02-28 | 4.3 MEDIUM | N/A |
| epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. | |||||
| CVE-2016-5251 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL. | |||||
| CVE-2015-5837 | 1 Apple | 2 Iphone Os, Watchos | 2024-02-28 | 4.3 MEDIUM | N/A |
| PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. | |||||