Total
9737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-1138 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.9 MEDIUM | N/A |
Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. | |||||
CVE-2013-6478 | 1 Pidgin | 1 Pidgin | 2024-02-28 | 4.3 MEDIUM | N/A |
gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (application crash) via a long URL that is examined with a tooltip. | |||||
CVE-2013-4199 | 1 Plone | 1 Plone | 2024-02-28 | 3.5 LOW | N/A |
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed). | |||||
CVE-2014-2137 | 1 Cisco | 2 Web Security Appliance, Web Security Virtual Appliance | 2024-02-28 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002. | |||||
CVE-2014-2508 | 1 Emc | 1 Documentum Content Server | 2024-02-28 | 7.5 HIGH | N/A |
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints. | |||||
CVE-2014-0758 | 1 Iconics | 1 Genesis32 | 2024-02-28 | 9.3 HIGH | N/A |
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. | |||||
CVE-2014-1610 | 1 Mediawiki | 1 Mediawiki | 2024-02-28 | 6.0 MEDIUM | N/A |
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php. | |||||
CVE-2014-0032 | 1 Apache | 1 Subversion | 2024-02-28 | 4.3 MEDIUM | N/A |
The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command. | |||||
CVE-2010-5110 | 1 Freedesktop | 1 Poppler | 2024-02-28 | 4.3 MEDIUM | N/A |
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | |||||
CVE-2015-0624 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance Firmware, Web Security Appliance | 2024-02-28 | 4.3 MEDIUM | N/A |
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. | |||||
CVE-2012-6153 | 1 Apache | 1 Commons-httpclient | 2024-02-28 | 4.3 MEDIUM | N/A |
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783. | |||||
CVE-2012-5621 | 1 Ekiga | 1 Ekiga | 2024-02-28 | 5.0 MEDIUM | N/A |
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings. | |||||
CVE-2015-2765 | 1 Websense | 1 Triton Ap Email | 2024-02-28 | 4.3 MEDIUM | N/A |
The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
CVE-2014-4134 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
CVE-2013-6053 | 1 Uclouvain | 1 Openjpeg | 2024-02-28 | 5.0 MEDIUM | N/A |
OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | |||||
CVE-2014-3327 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-28 | 7.8 HIGH | N/A |
The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101. | |||||
CVE-2014-3873 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 2.1 LOW | N/A |
The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 9.3-BETA1 before p1 uses an incorrect page fault kernel trace entry size, which allows local users to obtain sensitive information from kernel memory via a kernel process trace. | |||||
CVE-2014-3822 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2024-02-28 | 5.4 MEDIUM | N/A |
Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4. | |||||
CVE-2014-3349 | 1 Cisco | 1 Cloud Portal | 2024-02-28 | 4.0 MEDIUM | N/A |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410. | |||||
CVE-2014-0943 | 1 Ibm | 1 Websphere Commerce | 2024-02-28 | 7.1 HIGH | N/A |
IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request. |