Total
228 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0227 | 1 Apache | 1 Tomcat | 2024-02-04 | 6.4 MEDIUM | N/A |
| java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. | |||||
| CVE-2015-2190 | 3 Opensuse, Oracle, Wireshark | 3 Opensuse, Solaris, Wireshark | 2024-02-04 | 5.0 MEDIUM | N/A |
| epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. | |||||
| CVE-2014-8822 | 1 Apple | 1 Mac Os X | 2024-02-04 | 10.0 HIGH | N/A |
| IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method. | |||||
| CVE-2014-6089 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2024-02-04 | 4.0 MEDIUM | N/A |
| IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area. | |||||
| CVE-2015-0614 | 1 Cisco | 1 Unity Connection | 2024-02-04 | 7.1 HIGH | N/A |
| The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267. | |||||
| CVE-2014-9034 | 1 Wordpress | 1 Wordpress | 2024-02-04 | 5.0 MEDIUM | N/A |
| wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016. | |||||
| CVE-2014-8298 | 1 Nvidia | 1 Gpu Driver | 2024-02-04 | 7.5 HIGH | N/A |
| The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code via a crafted GLX indirect rendering protocol request. | |||||
| CVE-2014-8014 | 1 Cisco | 1 Ios Xr | 2024-02-04 | 5.0 MEDIUM | N/A |
| Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710. | |||||
| CVE-2015-0060 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-02-04 | 4.7 MEDIUM | N/A |
| The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability." | |||||
| CVE-2015-0081 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-02-04 | 9.3 HIGH | N/A |
| Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability." | |||||
| CVE-2015-0695 | 1 Cisco | 7 Asr 9001, Asr 9006, Asr 9010 and 4 more | 2024-02-04 | 7.8 HIGH | N/A |
| Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957. | |||||
| CVE-2015-0615 | 1 Cisco | 1 Unity Connection | 2024-02-04 | 7.1 HIGH | N/A |
| The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089. | |||||
| CVE-2015-0612 | 1 Cisco | 3 Unity Connection, Unity Connection 8.5, Unity Connection 8.6 | 2024-02-04 | 7.1 HIGH | N/A |
| The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062. | |||||
| CVE-2015-1574 | 1 Google | 1 Email | 2024-02-04 | 5.0 MEDIUM | N/A |
| The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service (persistent application crash) via a "Content-Disposition: ;" header in an e-mail message. | |||||
| CVE-2014-4492 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-04 | 7.5 HIGH | N/A |
| libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. | |||||
| CVE-2014-8817 | 1 Apple | 1 Mac Os X | 2024-02-04 | 10.0 HIGH | N/A |
| coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command. | |||||
| CVE-2015-1062 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-04 | 5.0 MEDIUM | N/A |
| MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app. | |||||
| CVE-2015-0097 | 1 Microsoft | 3 Excel, Powerpoint, Word | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Word Local Zone Remote Code Execution Vulnerability." | |||||
| CVE-2015-2188 | 5 Debian, Mageia, Opensuse and 2 more | 6 Debian Linux, Mageia, Opensuse and 3 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. | |||||
| CVE-2014-7141 | 1 Squid-cache | 1 Squid | 2024-02-04 | 6.4 MEDIUM | N/A |
| The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet. | |||||