Total
9734 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2138 | 1 Cisco | 1 Security Manager | 2024-02-28 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCun82349. | |||||
CVE-2014-1219 | 1 Broadcom | 1 2e Web Option | 2024-02-28 | 5.1 MEDIUM | N/A |
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm. | |||||
CVE-2015-1483 | 2 Linux, Symantec | 2 Linux Kernel, Netbackup Opscenter | 2024-02-28 | 7.5 HIGH | N/A |
Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. | |||||
CVE-2014-0677 | 1 Cisco | 1 Nx-os | 2024-02-28 | 5.0 MEDIUM | N/A |
The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851. | |||||
CVE-2014-2112 | 1 Cisco | 1 Ios | 2024-02-28 | 7.8 HIGH | N/A |
The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357. | |||||
CVE-2012-2682 | 1 Redhat | 1 Enterprise Mrg | 2024-02-28 | 5.0 MEDIUM | N/A |
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link. | |||||
CVE-2015-0647 | 1 Cisco | 1 Ios | 2024-02-28 | 7.8 HIGH | N/A |
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. | |||||
CVE-2011-2198 | 3 Gnome, Opensuse, Oracle | 3 Gnome-terminal, Opensuse, Solaris | 2024-02-28 | 3.5 LOW | N/A |
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@". | |||||
CVE-2014-3291 | 1 Cisco | 1 Wireless Lan Controller | 2024-02-28 | 5.7 MEDIUM | N/A |
Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321. | |||||
CVE-2014-2645 | 1 Hp | 1 Systems Insight Manager | 2024-02-28 | 4.3 MEDIUM | N/A |
HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors. | |||||
CVE-2014-2342 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2024-02-28 | 5.0 MEDIUM | N/A |
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. | |||||
CVE-2014-7839 | 1 Redhat | 1 Resteasy | 2024-02-28 | 6.4 MEDIUM | N/A |
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. | |||||
CVE-2015-2753 | 2 Debian, Gaia-gis | 2 Debian Linux, Freexl | 2024-02-28 | 6.8 MEDIUM | N/A |
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook. | |||||
CVE-2015-1843 | 1 Redhat | 1 Docker | 2024-02-28 | 4.3 MEDIUM | N/A |
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression. | |||||
CVE-2013-6654 | 1 Google | 1 Chrome | 2024-02-28 | 7.5 HIGH | N/A |
The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome before 33.0.1750.117, does not properly handle unexpected data types, which allows remote attackers to cause a denial of service (incorrect cast) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2014-7861 | 1 Apple | 1 Mac Os X | 2024-02-28 | 9.3 HIGH | N/A |
The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site. | |||||
CVE-2013-4195 | 1 Plone | 1 Plone | 2024-02-28 | 5.8 MEDIUM | N/A |
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2014-3095 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-02-28 | 3.5 LOW | N/A |
The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement. | |||||
CVE-2014-2288 | 1 Digium | 1 Asterisk | 2024-02-28 | 4.3 MEDIUM | N/A |
The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request. | |||||
CVE-2014-6328 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6365. |