Vulnerabilities (CVE)

Filtered by CWE-20
Total 11430 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0641 1 Cisco 1 Ios Xe 2025-04-12 7.8 HIGH N/A
Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via crafted IPv6 packets, aka Bug ID CSCub68073.
CVE-2015-1604 1 Adminsystems Cms Project 1 Adminsystems Cms 2025-04-12 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/.
CVE-2012-2682 1 Redhat 1 Enterprise Mrg 2025-04-12 5.0 MEDIUM N/A
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link.
CVE-2016-3741 1 Google 1 Android 2025-04-12 7.5 HIGH 9.8 CRITICAL
The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does not initialize certain slice data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165661.
CVE-2014-3532 6 Debian, Freedesktop, Linux and 3 more 6 Debian Linux, Dbus, Linux Kernel and 3 more 2025-04-12 2.1 LOW N/A
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded.
CVE-2011-4407 1 Canonical 2 Software-properties, Ubuntu Linux 2025-04-12 4.3 MEDIUM N/A
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.
CVE-2015-7794 1 Corega 1 Cg-wlncm4g Firmware 2025-04-12 5.0 MEDIUM 5.8 MEDIUM
Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries.
CVE-2013-6418 1 Pywbem Project 1 Pywbem 2025-04-12 5.8 MEDIUM N/A
PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.
CVE-2016-1661 3 Google, Opensuse, Redhat 6 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 3 more 2025-04-12 8.3 HIGH 8.0 HIGH
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.
CVE-2014-2522 2 Haxx, Microsoft 3 Curl, Libcurl, Windows 2025-04-12 4.0 MEDIUM N/A
curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
CVE-2015-8722 1 Wireshark 1 Wireshark 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
CVE-2016-1240 3 Apache, Canonical, Debian 3 Tomcat, Ubuntu Linux, Debian Linux 2025-04-12 7.2 HIGH 7.8 HIGH
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.
CVE-2015-4315 1 Cisco 1 Telepresence Video Communication Server Software 2025-04-12 5.5 MEDIUM N/A
The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853.
CVE-2014-0761 1 Qeiinc 1 Epaq-9410 Substation Gateway 2025-04-12 7.1 HIGH N/A
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.
CVE-2014-8825 1 Apple 1 Mac Os X 2025-04-12 7.2 HIGH N/A
The kernel in Apple OS X before 10.10.2 does not properly perform identitysvc validation of certain directory-service functionality, which allows local users to gain privileges or spoof directory-service responses via unspecified vectors.
CVE-2014-3941 1 Typo3 1 Typo3 2025-04-12 5.0 MEDIUM N/A
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."
CVE-2014-9872 1 Google 1 Android 2025-04-12 6.8 MEDIUM 7.8 HIGH
The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721.
CVE-2014-8310 1 Sap 1 Businessobjects 2025-04-12 7.1 HIGH N/A
The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remote attackers to cause a denial of service (server shutdown) via crafted OSCAFactory::Session ORB message.
CVE-2015-0293 1 Openssl 1 Openssl 2025-04-12 5.0 MEDIUM N/A
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.
CVE-2015-6863 1 Hp 1 Arcsight Logger 2025-04-12 7.5 HIGH 7.3 HIGH
HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.