Total
11506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4723 | 1 Ddsn | 1 Cm3 Acora Content Management System | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx. | |||||
| CVE-2015-1833 | 1 Apache | 1 Jackrabbit | 2025-04-12 | 6.4 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request. | |||||
| CVE-2015-2460 | 1 Microsoft | 8 .net Framework, Windows 10, Windows 7 and 5 more | 2025-04-12 | 9.3 HIGH | N/A |
| ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." | |||||
| CVE-2014-6336 | 1 Microsoft | 1 Exchange Server | 2025-04-12 | 3.5 LOW | N/A |
| Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability." | |||||
| CVE-2015-7375 | 1 Indusoft | 1 Web Studio | 2025-04-12 | 7.5 HIGH | N/A |
| Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indusoft Project file. | |||||
| CVE-2015-6246 | 2 Oracle, Wireshark | 3 Linux, Solaris, Wireshark | 2025-04-12 | 4.3 MEDIUM | N/A |
| The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-1746 | 1 Apple | 1 Mac Os X | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747. | |||||
| CVE-2015-6784 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | N/A |
| The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial http://example.com?-- substring. | |||||
| CVE-2014-4503 | 2 Cgminer Project, Sgminer Project | 2 Cgminer, Sgminer | 2025-04-12 | 4.3 MEDIUM | N/A |
| The parse_notify function in util.c in sgminer before 4.2.2 and cgminer 3.3.0 through 4.0.1 allows man-in-the-middle attackers to cause a denial of service (application exit) via a crafted (1) bbversion, (2) prev_hash, (3) nbit, or (4) ntime parameter in a mining.notify action stratum message. | |||||
| CVE-2016-4353 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Libksba | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. | |||||
| CVE-2014-0628 | 1 Dell | 1 Bsafe Micro-edition-suite | 2025-04-12 | 5.0 MEDIUM | N/A |
| The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||||
| CVE-2015-8552 | 4 Canonical, Debian, Novell and 1 more | 5 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Debuginfo and 2 more | 2025-04-12 | 1.7 LOW | 4.4 MEDIUM |
| The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka "Linux pciback missing sanity checks." | |||||
| CVE-2014-3739 | 1 Zenoss | 1 Zenoss | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_form in Zenoss 4.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the came_from parameter. | |||||
| CVE-2015-0702 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | 9.0 HIGH | N/A |
| Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. | |||||
| CVE-2014-8824 | 1 Apple | 1 Mac Os X | 2025-04-12 | 10.0 HIGH | N/A |
| The kernel in Apple OS X before 10.10.2 does not properly validate IODataQueue object metadata fields, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2015-8730 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. | |||||
| CVE-2014-2744 | 2 Lightwitch, Prosody | 2 Metronome, Prosody | 2025-04-12 | 7.8 HIGH | N/A |
| plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cause a denial of service (resource consumption) via compressed XML elements in an XMPP stream, aka an "xmppbomb" attack. | |||||
| CVE-2016-4530 | 1 Osisoft | 1 Pi Sql Data Access Server 2016 | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. | |||||
| CVE-2015-4184 | 1 Cisco | 1 Email Security Appliance | 2025-04-12 | 5.0 MEDIUM | N/A |
| The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733. | |||||
| CVE-2016-4420 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||