Total
10354 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0954 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 6.8 MEDIUM | N/A |
| IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL. | |||||
| CVE-2016-2088 | 1 Isc | 1 Bind | 2025-04-12 | 4.3 MEDIUM | 6.8 MEDIUM |
| resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. | |||||
| CVE-2016-5691 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. | |||||
| CVE-2014-5375 | 1 Adaptivecomputing | 1 Moab | 2025-04-12 | 4.0 MEDIUM | N/A |
| The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags. | |||||
| CVE-2015-8744 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. | |||||
| CVE-2015-1371 | 1 Ferretcms Project | 1 Ferretcms | 2025-04-12 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/. | |||||
| CVE-2015-0582 | 1 Cisco | 2 Mds 9000, Nx-os | 2025-04-12 | 5.0 MEDIUM | N/A |
| The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129. | |||||
| CVE-2014-2180 | 1 Cisco | 2 Unified Contact Center Enterprise, Unified Contact Center Express Editor Software | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a crafted HTTP request, aka Bug ID CSCun74133. | |||||
| CVE-2015-7754 | 1 Juniper | 1 Screenos | 2025-04-12 | 9.3 HIGH | 8.1 HIGH |
| Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. | |||||
| CVE-2016-6399 | 1 Cisco | 9 Ace 4700 Series Application Control Engine Appliance, Ace 4700 Series Application Control Engine Appliance A1, Ace 4700 Series Application Control Engine Appliance A3 and 6 more | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317. | |||||
| CVE-2016-6450 | 1 Cisco | 1 Ios Xe | 2025-04-12 | 1.9 LOW | 2.5 LOW |
| A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE Software: Cisco 5700 Series Wireless LAN Controllers, Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches, Cisco Catalyst 4500E Series Switches, Cisco Catalyst 4500X Series Switches. More Information: CSCva60013 CSCvb22622. Known Affected Releases: 3.7(0) 16.4.1 Denali-16.1.3 Denali-16.2.2 Denali-16.3.1. Known Fixed Releases: 15.2(4)E3 16.1(2.208) 16.2(2.42) 16.3(1.22) 16.4(0.190) 16.5(0.29). | |||||
| CVE-2016-1712 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation. | |||||
| CVE-2014-0679 | 1 Cisco | 1 Prime Infrastructure | 2025-04-12 | 9.0 HIGH | N/A |
| Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1.4.0.45-2, and 2.0 before 2.0.0.0.294-2 allows remote authenticated users to execute arbitrary commands with root privileges via an unspecified URL, aka Bug ID CSCum71308. | |||||
| CVE-2016-5284 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.3 MEDIUM | 7.4 HIGH |
| Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority. | |||||
| CVE-2014-9030 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2025-04-12 | 7.1 HIGH | N/A |
| The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE. | |||||
| CVE-2015-2754 | 2 Debian, Gaia-gis | 2 Debian Linux, Freexl | 2025-04-12 | 6.8 MEDIUM | N/A |
| FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF." | |||||
| CVE-2015-4605 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. | |||||
| CVE-2013-2014 | 2 Fedoraproject, Openstack | 2 Fedora, Keystone | 2025-04-12 | 5.0 MEDIUM | N/A |
| OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. | |||||
| CVE-2015-0879 | 1 Almail | 1 Al-mail32 | 2025-04-12 | 4.3 MEDIUM | N/A |
| CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment. | |||||
| CVE-2014-6159 | 1 Ibm | 1 Db2 | 2025-04-12 | 3.5 LOW | N/A |
| IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. | |||||