Total
10073 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0640 | 1 Cisco | 1 Ios Xe | 2024-02-04 | 7.8 HIGH | N/A |
The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and HSL processing after fragmentation, aka Bug ID CSCuo25741. | |||||
CVE-2015-1086 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-04 | 6.9 MEDIUM | N/A |
The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2015-0677 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-02-04 | 7.8 HIGH | N/A |
The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.28), 8.6 before 8.6(1.17), 9.0 before 9.0(4.33), 9.1 before 9.1(6), 9.2 before 9.2(3.4), and 9.3 before 9.3(3), when Clientless SSL VPN, AnyConnect SSL VPN, or AnyConnect IKEv2 VPN is used, allows remote attackers to cause a denial of service (VPN outage or device reload) via a crafted XML document, aka Bug ID CSCus95290. | |||||
CVE-2014-6135 | 1 Ibm | 2 Security Appscan, Security Appscan Source | 2024-02-04 | 4.3 MEDIUM | N/A |
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
CVE-2014-2117 | 1 Cisco | 1 Emergency Responder | 2024-02-04 | 4.3 MEDIUM | N/A |
Multiple open redirect vulnerabilities in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters, aka Bug ID CSCun37909. | |||||
CVE-2015-0658 | 1 Cisco | 35 Nexus 3016, Nexus 3048, Nexus 3064 and 32 more | 2024-02-04 | 7.9 HIGH | N/A |
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589. | |||||
CVE-2014-6369 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
CVE-2014-0244 | 1 Samba | 1 Samba | 2024-02-04 | 3.3 LOW | N/A |
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. | |||||
CVE-2014-5376 | 1 Adaptivecomputing | 1 Moab | 2024-02-04 | 4.0 MEDIUM | N/A |
Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message. | |||||
CVE-2014-4398 | 1 Apple | 1 Mac Os X | 2024-02-04 | 6.9 MEDIUM | N/A |
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416. | |||||
CVE-2014-3268 | 1 Cisco | 2 Ios, Unified Border Element | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service (input-queue consumption and traffic-processing outage) via crafted RTCP packets, aka Bug ID CSCuj72215. | |||||
CVE-2014-2744 | 2 Lightwitch, Prosody | 2 Metronome, Prosody | 2024-02-04 | 7.8 HIGH | N/A |
plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack. | |||||
CVE-2014-0762 | 1 Qeiinc | 1 Epaq-9410 Substation Gateway | 2024-02-04 | 4.7 MEDIUM | N/A |
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line. | |||||
CVE-2014-9653 | 3 Debian, File Project, Php | 3 Debian Linux, File, Php | 2024-02-04 | 7.5 HIGH | N/A |
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. | |||||
CVE-2015-1049 | 1 Siemens | 10 Scalance X-200 Series Firmware, Scalance X201-3p Irt Pro, Scalance X201-3pirt and 7 more | 2024-02-04 | 6.8 MEDIUM | N/A |
The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors. | |||||
CVE-2014-2673 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.7 MEDIUM | N/A |
The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state. | |||||
CVE-2014-3941 | 1 Typo3 | 1 Typo3 | 2024-02-04 | 5.0 MEDIUM | N/A |
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing." | |||||
CVE-2015-0679 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-02-04 | 6.1 MEDIUM | N/A |
The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980. | |||||
CVE-2013-7335 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-02-04 | 4.3 MEDIUM | N/A |
Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2014-3573 | 1 Redhat | 1 Enterprise Virtualization Manager | 2024-02-04 | 6.5 MEDIUM | N/A |
The oVirt Engine backend module, as used in Red Hat Enterprise Virtualization Manager before 3.4.2, uses an "insecure DocumentBuilderFactory," which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML/RSDL document, related to an XML External Entity (XXE) issue. |