Vulnerabilities (CVE)

Filtered by CWE-19
Total 222 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-5331 1 Linux 1 Linux Kernel 2025-04-20 4.9 MEDIUM 5.5 MEDIUM
The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction.
CVE-2016-9305 1 Autodesk 1 Fbx Software Development Kit 2025-04-20 7.5 HIGH 9.8 CRITICAL
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.
CVE-2015-8985 1 Gnu 1 Glibc 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
CVE-2015-0224 1 Apache 1 Qpid 2025-04-20 5.0 MEDIUM 7.5 HIGH
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.
CVE-2014-0997 4 Google, Lg, Motorola and 1 more 6 Android, Nexus 4, Nexus 5 and 3 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame.
CVE-2016-8226 1 Lenovo 11 Flex System X240 M5 Bios, Flex System X280 M6 Bios, Flex System X480 X6 Bios and 8 more 2025-04-20 6.8 MEDIUM 4.9 MEDIUM
The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.
CVE-2015-2255 1 Huawei 2 Ar1220, Ar1220 Firmware 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port.
CVE-2016-6287 1 Call-cc 1 Http-client 2025-04-20 5.0 MEDIUM 7.5 HIGH
The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests through a proxy (also known as a "httpoxy" attack). This affects all versions of http-client before 0.10.
CVE-2016-4977 1 Pivotal 1 Spring Security Oauth 2025-04-20 6.5 MEDIUM 8.8 HIGH
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
CVE-2015-7979 1 Ntp 1 Ntp 2025-04-20 5.0 MEDIUM 7.5 HIGH
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
CVE-2016-3091 1 Cloud Foundry 1 Diego 2025-04-20 5.0 MEDIUM 7.5 HIGH
Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.
CVE-2016-9252 1 F5 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors.
CVE-2016-4925 1 Juniper 1 Junose 2025-04-20 5.0 MEDIUM 7.5 HIGH
Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional specifically malformed packets may cause follow-on line card resets and lead to an extended service outage. This issue only affects E Series routers with IPv6 licensed and enabled. Routers not configured to process IPv6 traffic are unaffected by this vulnerability. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue.
CVE-2016-5225 1 Google 1 Chrome 2025-04-20 4.3 MEDIUM 4.3 MEDIUM
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.
CVE-2015-1838 2 Fedoraproject, Saltstack 2 Fedora, Salt 2025-04-20 4.6 MEDIUM 5.3 MEDIUM
modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.
CVE-2016-2783 1 Avaya 1 Vsp Operating System Software 2025-04-20 10.0 HIGH 9.8 CRITICAL
Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames.
CVE-2016-1548 1 Ntp 1 Ntp 2025-04-20 6.4 MEDIUM 7.2 HIGH
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.
CVE-2014-6610 1 Digium 2 Asterisk, Certified Asterisk 2025-04-12 4.0 MEDIUM N/A
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.
CVE-2015-1648 1 Microsoft 1 .net Framework 2025-04-12 2.6 LOW N/A
ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability."
CVE-2014-3916 1 Rubyonrails 1 Rails 2025-04-12 5.0 MEDIUM N/A
The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.