Total: 9734 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2735 | 1 Winscp | 1 Winscp | 2024-02-28 | 5.8 MEDIUM | N/A |
WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2014-0662 | 1 Cisco | 2 Telepresence Video Communication Server Software, Telepresence Video Communication Servers Software | 2024-02-28 | 7.1 HIGH | N/A |
The SIP module in Cisco TelePresence Video Communication Server (VCS) before 8.1 allows remote attackers to cause a denial of service (process failure) via a crafted SDP message, aka Bug ID CSCue97632. | |||||
CVE-2014-0128 | 2 Opensuse, Squid-cache | 2 Opensuse, Squid | 2024-02-28 | 5.0 MEDIUM | N/A |
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management. | |||||
CVE-2013-6887 | 1 Uclouvain | 1 Openjpeg | 2024-02-28 | 6.4 MEDIUM | N/A |
OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors. | |||||
CVE-2014-2184 | 1 Cisco | 1 Unified Communications Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352. | |||||
CVE-2013-4322 | 1 Apache | 1 Tomcat | 2024-02-28 | 4.3 MEDIUM | N/A |
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544. | |||||
CVE-2014-2966 | 1 Caucho | 1 Resin | 2024-02-28 | 5.0 MEDIUM | N/A |
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism. | |||||
CVE-2014-3292 | 1 Cisco | 1 Unified Communications Manager | 2024-02-28 | 5.5 MEDIUM | N/A |
The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199. | |||||
CVE-2015-2684 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2024-02-28 | 4.0 MEDIUM | N/A |
Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. | |||||
CVE-2014-9358 | 1 Docker | 1 Docker | 2024-02-28 | 6.4 MEDIUM | N/A |
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications." | |||||
CVE-2014-8594 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2024-02-28 | 5.4 MEDIUM | N/A |
The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP). | |||||
CVE-2015-0702 | 1 Cisco | 1 Unified Meetingplace | 2024-02-28 | 9.0 HIGH | N/A |
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. | |||||
CVE-2014-6429 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 5.0 MEDIUM | N/A |
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | |||||
CVE-2014-2287 | 2 Digium, Fedoraproject | 3 Asterisk, Certified Asterisk, Fedora | 2024-02-28 | 3.5 LOW | N/A |
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value. | |||||
CVE-2014-1928 | 1 Python-gnupg Project | 1 Python-gnupg | 2024-02-28 | 4.6 MEDIUM | N/A |
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. | |||||
CVE-2014-2097 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 6.8 MEDIUM | N/A |
The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data. | |||||
CVE-2014-3159 | 1 Google | 2 Android, Chrome | 2024-02-28 | 6.4 MEDIUM | N/A |
The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. | |||||
CVE-2014-0037 | 1 Zarafa | 1 Zarafa | 2024-02-28 | 5.0 MEDIUM | N/A |
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username." | |||||
CVE-2014-2160 | 1 Cisco | 13 Tandberg 2000 Mxp, Tandberg 550 Mxp, Tandberg 770 Mxp and 10 more | 2024-02-28 | 7.8 HIGH | N/A |
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745. | |||||
CVE-2015-1134 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.2 HIGH | N/A |
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135. |