Total: 9737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2187 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2024-02-28 | 5.0 MEDIUM | N/A |
The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. | |||||
CVE-2014-3775 | 1 Libgadu | 1 Libgadu | 2024-02-28 | 7.5 HIGH | N/A |
libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin and other products, allows remote Gadu-Gadu file relay servers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted message. | |||||
CVE-2015-0980 | 1 Scadaengine | 1 Bacnet Opc Server | 2024-02-28 | 9.0 HIGH | N/A |
Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request. | |||||
CVE-2014-1369 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site. | |||||
CVE-2012-1366 | 1 Cisco | 10 Asr 1001, Asr 1002, Asr 1002-x and 7 more | 2024-02-28 | 6.1 MEDIUM | N/A |
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544. | |||||
CVE-2014-2111 | 1 Cisco | 1 Ios | 2024-02-28 | 7.1 HIGH | N/A |
The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996. | |||||
CVE-2011-4092 | 1 Ubuntu Developers | 1 Obby | 2024-02-28 | 5.8 MEDIUM | N/A |
obby (aka libobby) does not verify SSL server certificates, which allows remote attackers to spoof servers via an arbitrary certificate. | |||||
CVE-2014-2554 | 2 Opensuse, Otrs | 2 Opensuse, Otrs | 2024-02-28 | 4.3 MEDIUM | N/A |
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element. | |||||
CVE-2014-0489 | 1 Debian | 1 Advanced Package Tool | 2024-02-28 | 7.5 HIGH | N/A |
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. | |||||
CVE-2013-7234 | 1 Simplemachines | 1 Simple Machines Forum | 2024-02-28 | 4.3 MEDIUM | N/A |
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. | |||||
CVE-2014-3817 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2024-02-28 | 7.8 HIGH | N/A |
Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote attackers to cause a denial of service (flowd hang or crash) via a crafted packet. | |||||
CVE-2014-3814 | 1 Juniper | 3 Netscreen-5200, Netscreen-5400, Screenos | 2024-02-28 | 7.8 HIGH | N/A |
Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allow remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP. | |||||
CVE-2014-0628 | 1 Dell | 1 Bsafe Micro-edition-suite | 2024-02-28 | 5.0 MEDIUM | N/A |
The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||||
CVE-2013-2044 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | |||||
CVE-2014-2744 | 2 Lightwitch, Prosody | 2 Metronome, Prosody | 2024-02-28 | 7.8 HIGH | N/A |
plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack. | |||||
CVE-2014-3137 | 1 Bottlepy | 1 Bottle | 2024-02-28 | 6.8 MEDIUM | N/A |
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code. | |||||
CVE-2014-9601 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Opensuse, Solaris and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. | |||||
CVE-2013-6032 | 1 Lexmark | 23 25xxn, C52x, C53x and 20 more | 2024-02-28 | 10.0 HIGH | N/A |
cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter. | |||||
CVE-2014-0684 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2024-02-28 | 4.6 MEDIUM | N/A |
Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136. | |||||
CVE-2015-1380 | 3 Opensuse, Oracle, Privoxy | 3 Opensuse, Solaris, Privoxy | 2024-02-28 | 5.0 MEDIUM | N/A |
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. |