Total
166 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5914 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.7 MEDIUM | N/A |
| The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. | |||||
| CVE-2014-9296 | 1 Ntp | 1 Ntp | 2025-04-12 | 5.0 MEDIUM | N/A |
| The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets. | |||||
| CVE-2015-1287 | 4 Debian, Google, Opensuse and 1 more | 7 Debian Linux, Chrome, Opensuse and 4 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to core/fetch/CSSStyleSheetResource.cpp. | |||||
| CVE-2015-1799 | 1 Ntp | 1 Ntp | 2025-04-12 | 4.3 MEDIUM | N/A |
| The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. | |||||
| CVE-2015-3334 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2025-04-12 | 4.3 MEDIUM | N/A |
| browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited. | |||||
| CVE-2015-4620 | 1 Isc | 1 Bind | 2025-04-12 | 7.8 HIGH | N/A |
| name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone. | |||||
| CVE-2015-5369 | 1 Juniper | 4 Mag Pcs360, Pcs6000, Pcs6500 and 1 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message. | |||||
| CVE-2015-1805 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-12 | 7.2 HIGH | N/A |
| The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." | |||||
| CVE-2015-1452 | 1 Fortinet | 1 Fortios | 2025-04-12 | 7.8 HIGH | N/A |
| The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller) via a large number of ClientHello DTLS messages. | |||||
| CVE-2015-4335 | 2 Debian, Redislabs | 2 Debian Linux, Redis | 2025-04-12 | 10.0 HIGH | N/A |
| Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. | |||||
| CVE-2014-7926 | 6 Canonical, Google, Icu-project and 3 more | 9 Ubuntu Linux, Chrome, International Components For Unicode and 6 more | 2025-04-12 | 7.5 HIGH | N/A |
| The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier. | |||||
| CVE-2015-7192 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2025-04-12 | 7.5 HIGH | N/A |
| The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. | |||||
| CVE-2014-8121 | 3 Canonical, Gnu, Suse | 4 Ubuntu Linux, Glibc, Suse Linux Enterprise Desktop and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. | |||||
| CVE-2015-4941 | 1 Ibm | 1 Websphere Mq Light | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors. | |||||
| CVE-2015-2270 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.3 MEDIUM | N/A |
| lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors. | |||||
| CVE-2013-6497 | 1 Clamav | 1 Clamav | 2025-04-12 | 2.1 LOW | N/A |
| clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. | |||||
| CVE-2015-1263 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2015-1262 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 7.5 HIGH | N/A |
| platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text. | |||||
| CVE-2015-0805 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
| The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content. | |||||
| CVE-2015-4963 | 1 Ibm | 1 Security Access Manager For Web | 2025-04-12 | 7.5 HIGH | N/A |
| IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | |||||