Total
10354 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0799 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 4.3 MEDIUM | N/A |
| The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header. | |||||
| CVE-2015-5074 | 1 X2engine | 1 X2crm | 2025-04-12 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension. | |||||
| CVE-2015-0601 | 1 Cisco | 4 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9951 Firmware and 1 more | 2025-04-12 | 4.6 MEDIUM | N/A |
| Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790. | |||||
| CVE-2016-1336 | 1 Cisco | 2 Epc3928, Epc3928 Firmware | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of Service" issue, aka Bug ID CSCuy28100. | |||||
| CVE-2014-4390 | 1 Apple | 1 Mac Os X | 2025-04-12 | 9.3 HIGH | N/A |
| Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | |||||
| CVE-2015-4329 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 6.5 MEDIUM | N/A |
| The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796. | |||||
| CVE-2016-9156 | 1 Siemens | 1 Sicam Pas\/pqs | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP. | |||||
| CVE-2016-4641 | 1 Apple | 1 Mac Os X | 2025-04-12 | 9.3 HIGH | 7.3 HIGH |
| Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion." | |||||
| CVE-2016-2527 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. | |||||
| CVE-2013-7234 | 1 Simplemachines | 1 Simple Machines Forum | 2025-04-12 | 4.3 MEDIUM | N/A |
| Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. | |||||
| CVE-2015-8099 | 1 F5 | 21 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 18 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment. | |||||
| CVE-2015-5208 | 1 Apache | 1 Cordova | 2025-04-12 | 4.3 MEDIUM | 4.4 MEDIUM |
| Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link. | |||||
| CVE-2014-1273 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 5.8 MEDIUM | N/A |
| dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. | |||||
| CVE-2014-0762 | 1 Qeiinc | 1 Epaq-9410 Substation Gateway | 2025-04-12 | 4.7 MEDIUM | N/A |
| The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line. | |||||
| CVE-2015-7234 | 1 Structured Dynamics | 1 Open Semantic Framework | 2025-04-12 | 4.0 MEDIUM | N/A |
| The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors. | |||||
| CVE-2012-6687 | 1 Fastcgi | 1 Fcgi | 2025-04-12 | 5.0 MEDIUM | N/A |
| FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections. | |||||
| CVE-2015-5696 | 1 Dell | 1 Netvault Backup | 2025-04-12 | 5.0 MEDIUM | N/A |
| Dell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. | |||||
| CVE-2015-1261 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
| android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text. | |||||
| CVE-2015-7036 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 7.5 HIGH | N/A |
| The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument. | |||||
| CVE-2013-7235 | 1 Simplemachines | 1 Simple Machines Forum | 2025-04-12 | 7.5 HIGH | N/A |
| Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters. | |||||