Total
9737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2108 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-28 | 7.8 HIGH | N/A |
Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426. | |||||
CVE-2014-2739 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.6 MEDIUM | N/A |
The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic. | |||||
CVE-2015-0810 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element. | |||||
CVE-2014-2779 | 1 Microsoft | 1 Malware Protection Engine | 2024-02-28 | 4.3 MEDIUM | N/A |
mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file. | |||||
CVE-2014-3971 | 1 Mongodb | 1 Mongodb | 2024-02-28 | 5.0 MEDIUM | N/A |
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate. | |||||
CVE-2014-3645 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 2.1 LOW | N/A |
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | |||||
CVE-2015-0597 | 1 Cisco | 1 Webex Meetings Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67159. | |||||
CVE-2014-2161 | 1 Cisco | 13 Tandberg 2000 Mxp, Tandberg 550 Mxp, Tandberg 770 Mxp and 10 more | 2024-02-28 | 7.8 HIGH | N/A |
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45731. | |||||
CVE-2014-4465 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2024-02-28 | 5.0 MEDIUM | N/A |
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. | |||||
CVE-2014-5243 | 1 Mediawiki | 1 Mediawiki | 2024-02-28 | 4.3 MEDIUM | N/A |
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
CVE-2013-3588 | 1 Zyxel | 11 P-660h-61, P-660h-63, P-660h-67 and 8 more | 2024-02-28 | 7.8 HIGH | N/A |
The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets. | |||||
CVE-2010-4777 | 1 Perl | 1 Perl | 2024-02-28 | 4.3 MEDIUM | N/A |
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash. | |||||
CVE-2013-2014 | 2 Fedoraproject, Openstack | 2 Fedora, Keystone | 2024-02-28 | 5.0 MEDIUM | N/A |
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. | |||||
CVE-2014-0253 | 1 Microsoft | 1 .net Framework | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability." | |||||
CVE-2015-0589 | 1 Cisco | 1 Webex Meetings Server | 2024-02-28 | 9.0 HIGH | N/A |
The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460. | |||||
CVE-2013-3997 | 1 Ibm | 1 Infosphere Biginsights | 2024-02-28 | 4.9 MEDIUM | N/A |
Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2014-0959 | 1 Ibm | 1 Websphere Portal | 2024-02-28 | 4.0 MEDIUM | N/A |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote authenticated users to cause a denial of service (infinite loop) via a login redirect. | |||||
CVE-2013-7338 | 2 Apple, Python | 2 Mac Os X, Python | 2024-02-28 | 7.1 HIGH | N/A |
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function. | |||||
CVE-2014-9584 | 7 Canonical, Debian, Linux and 4 more | 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more | 2024-02-28 | 2.1 LOW | N/A |
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. | |||||
CVE-2014-2234 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.4 MEDIUM | N/A |
A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a custom application via a crafted certificate chain that is acceptable to TEA but not acceptable to that application. |