Vulnerabilities (CVE)

Filtered by CWE-20
Total 11430 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-1360 1 Apple 1 Iphone Os 2025-04-12 2.1 LOW N/A
Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
CVE-2015-8476 2 Debian, Phpmailer Project 2 Debian Linux, Phpmailer 2025-04-12 5.0 MEDIUM N/A
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in class.phpmailer.php or (2) SMTP command to the sendCommand function in class.smtp.php, a different vulnerability than CVE-2012-0796.
CVE-2014-3284 1 Cisco 9 Asr 1001, Asr 1002, Asr 1002-x and 6 more 2025-04-12 6.1 MEDIUM N/A
Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.
CVE-2014-6028 1 Torrentflux Project 1 Torrentflux 2025-04-12 4.0 MEDIUM N/A
TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php.
CVE-2015-1135 1 Apple 1 Mac Os X 2025-04-12 7.2 HIGH N/A
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134.
CVE-2015-2530 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2025-04-12 9.3 HIGH N/A
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2513 and CVE-2015-2514.
CVE-2014-3273 1 Cisco 1 Ios 2025-04-12 6.1 MEDIUM N/A
The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.
CVE-2015-7234 1 Structured Dynamics 1 Open Semantic Framework 2025-04-12 4.0 MEDIUM N/A
The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors.
CVE-2015-4393 1 Services Project 1 Services 2025-04-12 6.0 MEDIUM N/A
The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary code via a crafted filename.
CVE-2016-0785 1 Apache 1 Struts 2025-04-12 9.0 HIGH 8.8 HIGH
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
CVE-2016-3082 1 Apache 1 Struts 2025-04-12 10.0 HIGH 9.8 CRITICAL
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
CVE-2016-3705 5 Canonical, Debian, Hp and 2 more 6 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 3 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
CVE-2014-8479 1 Siemens 9 Scalance X-300, Scalance X-300 Series Firmware, Scalance X-300eec and 6 more 2025-04-12 6.8 MEDIUM N/A
The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets.
CVE-2015-5780 1 Apple 1 Safari 2025-04-12 10.0 HIGH N/A
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.
CVE-2014-2039 1 Linux 1 Linux Kernel 2025-04-12 4.9 MEDIUM N/A
arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction.
CVE-2016-2775 4 Fedoraproject, Hp, Isc and 1 more 9 Fedora, Hp-ux, Bind and 6 more 2025-04-12 4.3 MEDIUM 5.9 MEDIUM
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
CVE-2014-6151 1 Ibm 1 Tivoli Integrated Portal 2025-04-12 3.5 LOW N/A
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2016-1328 1 Cisco 2 Epc3928, Epc3928 Firmware 2025-04-12 7.8 HIGH 7.5 HIGH
goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948.
CVE-2014-2179 1 Cisco 7 Rv120w, Rv120w Firmware, Rv180 and 4 more 2025-04-12 5.0 MEDIUM N/A
The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.
CVE-2015-1303 1 Google 1 Chrome 2025-04-12 7.5 HIGH N/A
bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.