Total
9737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3062 | 1 Cisco | 1 Ios | 2024-02-28 | 5.7 MEDIUM | N/A |
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193. | |||||
CVE-2015-3323 | 1 Lenovo | 6 Thinkserver Rd350, Thinkserver Rd450, Thinkserver Rd550 and 3 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication. | |||||
CVE-2011-4103 | 1 Djangoproject | 1 Piston | 2024-02-28 | 7.5 HIGH | N/A |
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method. | |||||
CVE-2013-0336 | 1 Redhat | 1 Freeipa | 2024-02-28 | 5.0 MEDIUM | N/A |
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server. | |||||
CVE-2014-3941 | 1 Typo3 | 1 Typo3 | 2024-02-28 | 5.0 MEDIUM | N/A |
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing." | |||||
CVE-2013-7177 | 1 Fail2ban | 1 Fail2ban | 2024-02-28 | 5.0 MEDIUM | N/A |
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression. | |||||
CVE-2014-6373 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
CVE-2014-3376 | 1 Cisco | 1 Ios Xr | 2024-02-28 | 5.0 MEDIUM | N/A |
Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed RSVP packet, aka Bug ID CSCuq12031. | |||||
CVE-2014-6368 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | |||||
CVE-2014-0179 | 2 Opensuse, Redhat | 4 Opensuse, Enterprise Linux, Enterprise Virtualization and 1 more | 2024-02-28 | 1.9 LOW | N/A |
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods. | |||||
CVE-2014-2103 | 1 Cisco | 1 Intrusion Prevention System | 2024-02-28 | 6.8 MEDIUM | N/A |
Cisco Intrusion Prevention System (IPS) Software allows remote attackers to cause a denial of service (MainApp process outage) via malformed SNMP packets, aka Bug IDs CSCum52355 and CSCul49309. | |||||
CVE-2013-4250 | 1 Typo3 | 1 Typo3 | 2024-02-28 | 6.5 MEDIUM | N/A |
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file. | |||||
CVE-2014-2653 | 1 Openbsd | 1 Openssh | 2024-02-28 | 5.8 MEDIUM | N/A |
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. | |||||
CVE-2011-3603 | 1 Litech | 1 Router Advertisement Daemon | 2024-02-28 | 4.4 MEDIUM | N/A |
The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact. | |||||
CVE-2015-0228 | 4 Apache, Apple, Canonical and 1 more | 5 Http Server, Mac Os X, Mac Os X Server and 2 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. | |||||
CVE-2014-1360 | 1 Apple | 1 Iphone Os | 2024-02-28 | 2.1 LOW | N/A |
Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors. | |||||
CVE-2014-1861 | 1 Jetroplatforms | 1 Jetro Cockpit Secure Browsing | 2024-02-28 | 9.3 HIGH | N/A |
The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension. | |||||
CVE-2013-5350 | 1 Tejimaya | 1 Openpne | 2024-02-28 | 7.5 HIGH | N/A |
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly validate login data in HTTP Cookie headers, which allows remote attackers to conduct PHP object injection attacks, and execute arbitrary PHP code, via a crafted serialized object. | |||||
CVE-2014-1297 | 1 Apple | 1 Safari | 2024-02-28 | 5.0 MEDIUM | N/A |
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access. | |||||
CVE-2015-0677 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-02-28 | 7.8 HIGH | N/A |
The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290. |