Total
9733 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3880 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 4.9 MEDIUM | N/A |
The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference. | |||||
CVE-2014-3378 | 1 Cisco | 1 Ios Xr | 2024-02-28 | 5.0 MEDIUM | N/A |
tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial of service (process reload) via a malformed TACACS+ packet, aka Bug ID CSCum00468. | |||||
CVE-2014-1594 | 1 Mozilla | 4 Firefox, Firefox Esr, Seamonkey and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. | |||||
CVE-2014-1723 | 1 Google | 1 Chrome | 2024-02-28 | 7.5 HIGH | N/A |
The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text. | |||||
CVE-2014-2144 | 1 Cisco | 1 Ios Xr | 2024-02-28 | 6.1 MEDIUM | N/A |
Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which allows remote attackers to cause a denial of service (IPv4 and IPv6 transit outage) via crafted redirect messages, aka Bug ID CSCum14266. | |||||
CVE-2014-3214 | 1 Isc | 1 Bind | 2024-02-28 | 5.0 MEDIUM | N/A |
The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes. | |||||
CVE-2014-6028 | 1 Torrentflux Project | 1 Torrentflux | 2024-02-28 | 4.0 MEDIUM | N/A |
TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php. | |||||
CVE-2015-1371 | 1 Ferretcms Project | 1 Ferretcms | 2024-02-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/. | |||||
CVE-2014-0256 | 1 Microsoft | 2 Windows Server 2008, Windows Server 2012 | 2024-02-28 | 5.0 MEDIUM | N/A |
Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability." | |||||
CVE-2014-0819 | 1 Autodesk | 1 Autocad | 2024-02-28 | 4.4 MEDIUM | N/A |
Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
CVE-2015-0664 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-02-28 | 4.3 MEDIUM | N/A |
The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195. | |||||
CVE-2013-6444 | 1 Pywbem Project | 1 Pywbem | 2024-02-28 | 5.8 MEDIUM | N/A |
PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2014-2159 | 1 Cisco | 13 Tandberg 2000 Mxp, Tandberg 550 Mxp, Tandberg 770 Mxp and 10 more | 2024-02-28 | 7.8 HIGH | N/A |
The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCtq78722. | |||||
CVE-2015-0293 | 1 Openssl | 1 Openssl | 2024-02-28 | 5.0 MEDIUM | N/A |
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. | |||||
CVE-2014-1273 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 5.8 MEDIUM | N/A |
dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. | |||||
CVE-2015-0639 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 7.8 HIGH | N/A |
The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S, when MMON or NBAR is enabled, allows remote attackers to cause a denial of service (device reload) via malformed IPv6 packets with IPv4 UDP encapsulation, aka Bug ID CSCua79665. | |||||
CVE-2015-2177 | 1 Siemens | 2 Simatic S7-300 Cpu, Simatic S7-300 Cpu Firmware | 2024-02-28 | 7.8 HIGH | N/A |
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. | |||||
CVE-2014-3533 | 4 Debian, Freedesktop, Mageia Project and 1 more | 4 Debian Linux, Dbus, Mageia and 1 more | 2024-02-28 | 2.1 LOW | N/A |
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. | |||||
CVE-2014-4138 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4132. | |||||
CVE-2014-2585 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 4.9 MEDIUM | N/A |
ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration. |