Total
9737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5353 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the reserved C/T value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2016-0785 | 1 Apache | 1 Struts | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. | |||||
CVE-2016-1569 | 1 Firebirdsql | 1 Firebird | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter. | |||||
CVE-2016-1481 | 1 Cisco | 1 Email Security Appliance | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. More Information: CSCux59873. Known Affected Releases: 8.5.6-106 9.1.0-032 9.7.0-125. Known Fixed Releases: 9.1.1-038 9.7.1-066. | |||||
CVE-2015-6602 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | N/A |
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. | |||||
CVE-2016-2170 | 1 Apache | 1 Ofbiz | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
CVE-2016-8277 | 1 Huawei | 3 Usg9520, Usg9560, Usg9580 | 2024-02-28 | 6.8 MEDIUM | 6.5 MEDIUM |
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter. | |||||
CVE-2016-1382 | 1 Cisco | 2 Web Security Appliance, Web Security Appliance \(wsa\) | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security Appliance (WSA) devices mishandles memory allocation for HTTP requests, which allows remote attackers to cause a denial of service (proxy-process reload) via a crafted request, aka Bug ID CSCuu02529. | |||||
CVE-2016-3646 | 1 Symantec | 18 Advanced Threat Protection, Csapi, Data Center Security Server and 15 more | 2024-02-28 | 10.0 HIGH | 8.4 HIGH |
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression. | |||||
CVE-2016-3071 | 2 Fedoraproject, Libreswan | 2 Fedora, Libreswan | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. | |||||
CVE-2016-3094 | 1 Apache | 1 Qpid Broker-j | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception. | |||||
CVE-2015-3994 | 1 Sap | 1 Hana | 2024-02-28 | 4.0 MEDIUM | N/A |
The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, aka SAP Security Note 2109818. | |||||
CVE-2015-2462 | 1 Microsoft | 10 .net Framework, Windows 10, Windows 7 and 7 more | 2024-02-28 | 9.3 HIGH | N/A |
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." | |||||
CVE-2014-9864 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841. | |||||
CVE-2015-6104 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-02-28 | 9.3 HIGH | N/A |
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6103. | |||||
CVE-2015-4184 | 1 Cisco | 1 Email Security Appliance | 2024-02-28 | 5.0 MEDIUM | N/A |
The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733. | |||||
CVE-2015-2431 | 1 Microsoft | 4 Live Meeting, Lync, Lync Basic and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft Office Graphics Component Remote Code Execution Vulnerability." | |||||
CVE-2016-1442 | 1 Cisco | 1 Prime Infrastructure | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
The administrative web interface in Cisco Prime Infrastructure (PI) before 3.1.1 allows remote authenticated users to execute arbitrary commands via crafted field values, aka Bug ID CSCuy96280. | |||||
CVE-2015-7794 | 1 Corega | 1 Cg-wlncm4g Firmware | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM |
Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries. | |||||
CVE-2016-1483 | 1 Cisco | 1 Webex Meetings Server | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704. |