Total
10067 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0489 | 1 Debian | 1 Advanced Package Tool | 2024-02-04 | 7.5 HIGH | N/A |
| APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. | |||||
| CVE-2014-2137 | 1 Cisco | 2 Web Security Appliance, Web Security Virtual Appliance | 2024-02-04 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL, aka Bug ID CSCuj61002. | |||||
| CVE-2014-3322 | 1 Cisco | 8 Asr 9000 Rsp440 Router, Asr 9001, Asr 9006 and 5 more | 2024-02-04 | 6.1 MEDIUM | N/A |
| Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of IP packets, which allows remote attackers to cause a denial of service (chip and card hangs) via malformed (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCuo68417. | |||||
| CVE-2014-0634 | 1 Emc | 1 Vplex Geosynchrony | 2024-02-04 | 6.0 MEDIUM | N/A |
| EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2015-0604 | 1 Cisco | 4 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9951 Firmware and 1 more | 2024-02-04 | 5.0 MEDIUM | N/A |
| The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424. | |||||
| CVE-2015-2055 | 1 Zhone Technologies | 2 Gpon 2520, Gpon 2520 Firmware | 2024-02-04 | 7.8 HIGH | N/A |
| Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter. | |||||
| CVE-2013-3983 | 1 Ibm | 1 Sametime | 2024-02-04 | 7.5 HIGH | N/A |
| The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors. | |||||
| CVE-2014-9417 | 1 Huawei | 1 Espace Desktop | 2024-02-04 | 2.1 LOW | N/A |
| The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. | |||||
| CVE-2014-3137 | 1 Bottlepy | 1 Bottle | 2024-02-04 | 6.8 MEDIUM | N/A |
| Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code. | |||||
| CVE-2013-6486 | 1 Pidgin | 1 Pidgin | 2024-02-04 | 9.3 HIGH | N/A |
| gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3185. | |||||
| CVE-2014-1539 | 2 Apple, Mozilla | 3 Mac Os X, Firefox, Thunderbird | 2024-02-04 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image. | |||||
| CVE-2013-2111 | 1 Dovecot | 1 Dovecot | 2024-02-04 | 5.0 MEDIUM | N/A |
| The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters. | |||||
| CVE-2014-2343 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2024-02-04 | 2.1 LOW | N/A |
| Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. | |||||
| CVE-2015-1787 | 1 Openssl | 1 Openssl | 2024-02-04 | 2.6 LOW | N/A |
| The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero. | |||||
| CVE-2014-6382 | 1 Juniper | 11 Junos, Mx10, Mx104 and 8 more | 2024-02-04 | 7.1 HIGH | N/A |
| The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before 13.3R6, 14.1 before 14.1R4, 14.1X50 before 14.1X50-D70, and 14.2 before 14.2R2, when configured as a broadband edge (BBE) router, allows remote attackers to cause a denial of service (jpppd crash and restart) by sending a crafted PAP Authenticate-Request after the PPPoE Discovery and LCP phase are complete. | |||||
| CVE-2014-2113 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-04 | 7.8 HIGH | N/A |
| Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 before 3.7.5S; and 3.8, 3.9, and 3.10 before 3.10.2S allow remote attackers to cause a denial of service (I/O memory consumption and device reload) via a malformed IPv6 packet, aka Bug ID CSCui59540. | |||||
| CVE-2014-0253 | 1 Microsoft | 1 .net Framework | 2024-02-04 | 5.0 MEDIUM | N/A |
| Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service (ASP.NET daemon hang) via crafted HTTP requests that trigger persistent resource consumption for a (1) stale or (2) closed connection, as exploited in the wild in February 2014, aka "POST Request DoS Vulnerability." | |||||
| CVE-2014-4390 | 1 Apple | 1 Mac Os X | 2024-02-04 | 9.3 HIGH | N/A |
| Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | |||||
| CVE-2014-4400 | 1 Apple | 1 Mac Os X | 2024-02-04 | 6.9 MEDIUM | N/A |
| An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4401, and CVE-2014-4416. | |||||
| CVE-2014-2899 | 1 Yassl | 1 Cyassl | 2024-02-04 | 5.0 MEDIUM | N/A |
| wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found. | |||||