Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5251 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL. | |||||
| CVE-2016-6711 | 1 Google | 1 Android | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
| A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30593765. | |||||
| CVE-2015-0725 | 1 Cisco | 2 Videoscape Distribution Suite For Internet Streaming, Videoscape Distribution Suite Service Broker | 2025-04-12 | 7.8 HIGH | N/A |
| Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409. | |||||
| CVE-2016-2424 | 1 Google | 1 Android | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
| server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted application, aka internal bug 26513719. | |||||
| CVE-2014-3377 | 1 Cisco | 1 Ios Xr | 2025-04-12 | 4.0 MEDIUM | N/A |
| snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated users to cause a denial of service (process reload) via a malformed SNMPv2 packet, aka Bug ID CSCun67791. | |||||
| CVE-2014-7994 | 1 Cisco | 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more | 2025-04-12 | 5.4 MEDIUM | N/A |
| Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991. | |||||
| CVE-2015-1380 | 3 Opensuse, Oracle, Privoxy | 3 Opensuse, Solaris, Privoxy | 2025-04-12 | 5.0 MEDIUM | N/A |
| jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. | |||||
| CVE-2015-2754 | 2 Debian, Gaia-gis | 2 Debian Linux, Freexl | 2025-04-12 | 6.8 MEDIUM | N/A |
| FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF." | |||||
| CVE-2015-8719 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2014-0747 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
| The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493. | |||||
| CVE-2014-5460 | 1 Tribulant | 1 Tibulant Slideshow Gallery | 2025-04-12 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/. | |||||
| CVE-2014-2855 | 1 Samba | 1 Rsync | 2025-04-12 | 7.8 HIGH | N/A |
| The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file. | |||||
| CVE-2004-2771 | 4 Bsd Mailx Project, Heirloom, Oracle and 1 more | 4 Bsd Mailx, Mailx, Linux and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
| The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address. | |||||
| CVE-2016-3980 | 1 Sap | 1 Application Server Java | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547. | |||||
| CVE-2016-1563 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-12 | 5.8 MEDIUM | 6.8 MEDIUM |
| NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3822 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2025-04-12 | 5.4 MEDIUM | N/A |
| Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4. | |||||
| CVE-2015-1043 | 1 Vmware | 3 Fusion, Player, Workstation | 2025-04-12 | 3.3 LOW | N/A |
| The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors. | |||||
| CVE-2016-2145 | 2 Fedoraproject, Uninett | 2 Fedora, Mod Auth Mellon | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data. | |||||
| CVE-2015-5767 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 4.3 MEDIUM | N/A |
| The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. | |||||
| CVE-2016-3202 | 1 Microsoft | 5 Chakra Javascript, Edge, Internet Explorer and 2 more | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
| The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." | |||||