Total
11434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9886 | 1 Google | 1 Android | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030. | |||||
| CVE-2016-9191 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity. | |||||
| CVE-2014-9410 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.2 HIGH | 9.8 CRITICAL |
| The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call. | |||||
| CVE-2015-4273 | 1 Cisco | 1 Asr 5000 Series Software | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476. | |||||
| CVE-2014-5376 | 1 Adaptivecomputing | 1 Moab | 2025-04-12 | 4.0 MEDIUM | N/A |
| Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message. | |||||
| CVE-2014-0865 | 1 Ibm | 2 Algo Credit Limits, Algorithmics | 2025-04-12 | 4.9 MEDIUM | N/A |
| RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via crafted serialized objects, as demonstrated by limit manipulations. | |||||
| CVE-2015-5091 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | 7.8 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service via invalid data. | |||||
| CVE-2015-2431 | 1 Microsoft | 4 Live Meeting, Lync, Lync Basic and 1 more | 2025-04-12 | 9.3 HIGH | N/A |
| Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft Office Graphics Component Remote Code Execution Vulnerability." | |||||
| CVE-2015-0980 | 1 Scadaengine | 1 Bacnet Opc Server | 2025-04-12 | 9.0 HIGH | N/A |
| Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request. | |||||
| CVE-2014-2158 | 1 Cisco | 13 Tandberg 2000 Mxp, Tandberg 550 Mxp, Tandberg 770 Mxp and 10 more | 2025-04-12 | 7.8 HIGH | N/A |
| Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720. | |||||
| CVE-2016-3979 | 1 Sap | 1 Java As | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185. | |||||
| CVE-2014-3310 | 1 Cisco | 2 Webex Meeting Center, Webex Meetings Server | 2025-04-12 | 4.3 MEDIUM | N/A |
| The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463. | |||||
| CVE-2016-0044 | 1 Microsoft | 3 Windows 8.1, Windows Rt 8.1, Windows Server 2012 | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability." | |||||
| CVE-2016-9863 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected. | |||||
| CVE-2016-1752 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
| The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app. | |||||
| CVE-2015-6334 | 1 Cisco | 1 Asr 5000 Software | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984. | |||||
| CVE-2016-0754 | 2 Haxx, Microsoft | 2 Curl, Windows | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. | |||||
| CVE-2014-2645 | 1 Hp | 1 Systems Insight Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to conduct clickjacking attacks via unknown vectors. | |||||
| CVE-2016-4579 | 3 Canonical, Gnupg, Opensuse | 3 Ubuntu Linux, Libksba, Leap | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." | |||||
| CVE-2014-6209 | 1 Ibm | 1 Db2 | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement. | |||||