Total
11425 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4498 | 1 Panasonic | 1 Fpwin Pro | 2025-04-12 | 6.8 MEDIUM | 5.5 MEDIUM |
| Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2014-3802 | 1 Microsoft | 2 Debug Interface Access Software Development Kit, Visual Studio | 2025-04-12 | 6.8 MEDIUM | N/A |
| msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file. | |||||
| CVE-2016-5351 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles the lack of an EAPOL_RSN_KEY, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2014-5375 | 1 Adaptivecomputing | 1 Moab | 2025-04-12 | 4.0 MEDIUM | N/A |
| The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags. | |||||
| CVE-2015-8899 | 2 Canonical, Thekelleys | 2 Ubuntu Linux, Dnsmasq | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. | |||||
| CVE-2015-1000002 | 1 Filedownload Project | 1 Filedownload | 2025-04-12 | 5.8 MEDIUM | 8.2 HIGH |
| Open Proxy in filedownload v1.4 wordpress plugin | |||||
| CVE-2015-5296 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-12 | 4.3 MEDIUM | 5.4 MEDIUM |
| Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c. | |||||
| CVE-2014-9746 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font. | |||||
| CVE-2016-6197 | 2 Linux, Oracle | 3 Linux Kernel, Linux, Vm Server | 2025-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. | |||||
| CVE-2016-1365 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2025-04-12 | 8.5 HIGH | 8.8 HIGH |
| The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507. | |||||
| CVE-2016-6712 | 1 Google | 1 Android | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
| A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30593752. | |||||
| CVE-2014-3292 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 5.5 MEDIUM | N/A |
| The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199. | |||||
| CVE-2016-0118 | 1 Microsoft | 1 Windows 10 | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows Remote Code Execution Vulnerability." | |||||
| CVE-2015-8711 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. | |||||
| CVE-2013-7110 | 1 Transifex | 1 Transifex | 2025-04-12 | 4.3 MEDIUM | N/A |
| Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073. | |||||
| CVE-2015-6351 | 1 Cisco | 1 Asr 5000 Software | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header in a BGP packet, aka Bug ID CSCuw65781. | |||||
| CVE-2015-2506 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
| atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (system crash) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." | |||||
| CVE-2015-6128 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-12 | 7.2 HIGH | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability." | |||||
| CVE-2016-5675 | 2 Netgear, Nuuo | 4 Readynas Surveillance, Crystal, Nvrmini 2 and 1 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter. | |||||
| CVE-2016-5025 | 1 Nvidia | 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more | 2025-04-12 | 6.1 MEDIUM | 6.6 MEDIUM |
| For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. | |||||