Total
9737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0679 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-02-28 | 6.1 MEDIUM | N/A |
The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980. | |||||
CVE-2013-2037 | 2 Canonical, Httplib2 Project | 2 Ubuntu Linux, Httplib2 | 2024-02-28 | 2.6 LOW | N/A |
httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2014-0954 | 1 Ibm | 1 Websphere Portal | 2024-02-28 | 6.8 MEDIUM | N/A |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL. | |||||
CVE-2014-0865 | 1 Ibm | 2 Algo Credit Limits, Algorithmics | 2024-02-28 | 4.9 MEDIUM | N/A |
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via crafted serialized objects, as demonstrated by limit manipulations. | |||||
CVE-2014-3823 | 1 Juniper | 1 Junos Pulse Secure Access Service | 2024-02-28 | 4.3 MEDIUM | N/A |
The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
CVE-2012-5723 | 1 Cisco | 9 Asr 1001, Asr 1002, Asr 1002-x and 6 more | 2024-02-28 | 6.1 MEDIUM | N/A |
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948. | |||||
CVE-2014-2980 | 1 Gnustep | 1 Base | 2024-02-28 | 4.3 MEDIUM | N/A |
Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request. | |||||
CVE-2014-0634 | 1 Emc | 1 Vplex Geosynchrony | 2024-02-28 | 6.0 MEDIUM | N/A |
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
CVE-2014-8824 | 1 Apple | 1 Mac Os X | 2024-02-28 | 10.0 HIGH | N/A |
The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2015-1782 | 3 Debian, Fedoraproject, Libssh2 | 3 Debian Linux, Fedora, Libssh2 | 2024-02-28 | 6.8 MEDIUM | N/A |
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. | |||||
CVE-2013-2828 | 1 Osisoft | 1 Pi Interface | 2024-02-28 | 4.7 MEDIUM | N/A |
The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows physically proximate attackers to cause a denial of service (interface shutdown) via crafted input over a serial line. | |||||
CVE-2014-5375 | 1 Adaptivecomputing | 1 Moab | 2024-02-28 | 4.0 MEDIUM | N/A |
The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags. | |||||
CVE-2013-2829 | 1 Matrikonopc | 1 Scada Dnp3 Opc Server | 2024-02-28 | 7.1 HIGH | N/A |
MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed DNP3 packet. | |||||
CVE-2014-8755 | 1 Panasonic | 1 Network Camera View | 2024-02-28 | 6.8 MEDIUM | N/A |
Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory." | |||||
CVE-2014-3283 | 1 Cisco | 1 Unified Communications Domain Manager | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Self-Care Client Portal applications in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCun79731. | |||||
CVE-2014-8416 | 1 Digium | 1 Asterisk | 2024-02-28 | 5.0 MEDIUM | N/A |
Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up. | |||||
CVE-2015-1043 | 1 Vmware | 3 Fusion, Player, Workstation | 2024-02-28 | 3.3 LOW | N/A |
The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors. | |||||
CVE-2014-4833 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 6.5 MEDIUM | N/A |
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input. | |||||
CVE-2015-1787 | 1 Openssl | 1 Openssl | 2024-02-28 | 2.6 LOW | N/A |
The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero. | |||||
CVE-2013-6453 | 1 Mediawiki | 1 Mediawiki | 2024-02-28 | 7.5 HIGH | N/A |
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML. |