Total
9737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0636 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-28 | 7.8 HIGH | N/A |
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293. | |||||
CVE-2013-4197 | 1 Plone | 1 Plone | 2024-02-28 | 5.5 MEDIUM | N/A |
member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors. | |||||
CVE-2014-3730 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com." | |||||
CVE-2014-0922 | 1 Ibm | 2 Messagesight, Messagesight Jms Client | 2024-02-28 | 4.3 MEDIUM | N/A |
IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (resource consumption) via WebSockets MQ Telemetry Transport (MQTT) data. | |||||
CVE-2014-9371 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-28 | 10.0 HIGH | N/A |
The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object. | |||||
CVE-2014-2157 | 1 Cisco | 13 Tandberg 2000 Mxp, Tandberg 550 Mxp, Tandberg 770 Mxp and 10 more | 2024-02-28 | 7.1 HIGH | N/A |
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733. | |||||
CVE-2014-4323 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.5 HIGH | N/A |
The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application. | |||||
CVE-2014-9509 | 1 Typo3 | 1 Typo3 | 2024-02-28 | 7.5 HIGH | N/A |
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page. | |||||
CVE-2014-6430 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 5.0 MEDIUM | N/A |
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
CVE-2013-3980 | 1 Ibm | 1 Sametime | 2024-02-28 | 5.0 MEDIUM | N/A |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service (room unusability) by generating a large number of fictitious users to enter a meeting room. | |||||
CVE-2014-1725 | 1 Google | 1 Chrome | 2024-02-28 | 5.0 MEDIUM | N/A |
The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call. | |||||
CVE-2014-6159 | 1 Ibm | 1 Db2 | 2024-02-28 | 3.5 LOW | N/A |
IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. | |||||
CVE-2014-3021 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 does not properly handle HTTP headers, which allows remote attackers to obtain sensitive cookie and authentication data via an unspecified HTTP method. | |||||
CVE-2015-0606 | 1 Cisco | 1 Ios | 2024-02-28 | 4.9 MEDIUM | N/A |
The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. | |||||
CVE-2015-0676 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-02-28 | 7.1 HIGH | N/A |
The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655. | |||||
CVE-2014-8160 | 6 Canonical, Debian, Linux and 3 more | 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more | 2024-02-28 | 5.0 MEDIUM | N/A |
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. | |||||
CVE-2014-0244 | 1 Samba | 1 Samba | 2024-02-28 | 3.3 LOW | N/A |
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. | |||||
CVE-2011-4407 | 1 Canonical | 2 Software-properties, Ubuntu Linux | 2024-02-28 | 4.3 MEDIUM | N/A |
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository. | |||||
CVE-2012-5336 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 4.0 MEDIUM | N/A |
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV. | |||||
CVE-2014-7241 | 1 Tsutaya | 1 Tsutaya | 2024-02-28 | 6.8 MEDIUM | N/A |
The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document. |