Total
227 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3225 | 3 Debian, Opensuse, Rack Project | 3 Debian Linux, Opensuse, Rack | 2024-02-04 | 5.0 MEDIUM | N/A |
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. | |||||
CVE-2015-8672 | 1 Huawei | 5 Te30, Te40, Te50 and 2 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a wireless presentation. | |||||
CVE-2016-2000 | 1 Hp | 2 Asset Manager, Asset Manager Cloudsystem Chargeback | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | |||||
CVE-2015-5348 | 1 Apache | 1 Camel | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | |||||
CVE-2016-7117 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. | |||||
CVE-2015-5344 | 1 Apache | 1 Camel | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | |||||
CVE-2016-3236 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability." | |||||
CVE-2015-4025 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2024-02-04 | 7.5 HIGH | N/A |
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | |||||
CVE-2016-4477 | 1 Google | 1 Android | 2024-02-04 | 4.4 MEDIUM | 7.8 HIGH |
wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command. | |||||
CVE-2016-4062 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF. | |||||
CVE-2016-1771 | 1 Apple | 1 Safari | 2024-02-04 | 7.1 HIGH | 6.5 MEDIUM |
The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. | |||||
CVE-2015-3763 | 1 Apple | 1 Iphone Os | 2024-02-04 | 4.3 MEDIUM | N/A |
Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. | |||||
CVE-2016-1947 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2024-02-04 | 4.3 MEDIUM | 4.7 MEDIUM |
Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. | |||||
CVE-2015-5621 | 1 Net-snmp | 1 Net-snmp | 2024-02-04 | 7.5 HIGH | N/A |
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. | |||||
CVE-2015-0989 | 1 Icsgmbh | 1 Pactware | 2024-02-04 | 4.3 MEDIUM | N/A |
PACTware 4.1 SP3 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers an internal error. | |||||
CVE-2016-5153 | 2 Google, Opensuse | 2 Chrome, Leap | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site. | |||||
CVE-2016-3856 | 1 Google | 1 Android | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631. | |||||
CVE-2015-3294 | 2 Oracle, Thekelleys | 2 Solaris, Dnsmasq | 2024-02-04 | 6.4 MEDIUM | N/A |
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request. | |||||
CVE-2016-7099 | 2 Nodejs, Suse | 2 Node.js, Linux Enterprise | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
CVE-2015-7054 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-04 | 6.8 MEDIUM | N/A |
zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafted web site. |