Total
11426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0742 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 6.2 MEDIUM | N/A |
| The Certificate Authority Proxy Function (CAPF) CLI implementation in the CSR management feature in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via unspecified vectors, aka Bug ID CSCum95464. | |||||
| CVE-2015-2435 | 1 Microsoft | 15 .net Framework, Live Meeting, Lync and 12 more | 2025-04-12 | 9.3 HIGH | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Silverlight before 5.1.40728 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability." | |||||
| CVE-2016-1400 | 1 Cisco | 1 Telepresence Video Communication Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco TelePresence Video Communications Server (VCS) X8.x before X8.7.2 allows remote attackers to cause a denial of service (service disruption) via a crafted URI in a SIP header, aka Bug ID CSCuy43258. | |||||
| CVE-2014-3391 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 6.8 MEDIUM | N/A |
| Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661. | |||||
| CVE-2014-2165 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2025-04-12 | 7.8 HIGH | N/A |
| The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCtq72699. | |||||
| CVE-2016-6360 | 1 Cisco | 2 Email Security Appliance, Web Security Appliance | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233. | |||||
| CVE-2014-4611 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 5.0 MEDIUM | N/A |
| Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715. | |||||
| CVE-2015-3455 | 3 Fedoraproject, Oracle, Squid-cache | 4 Fedora, Linux, Solaris and 1 more | 2025-04-12 | 2.6 LOW | N/A |
| Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. | |||||
| CVE-2014-1991 | 1 Intra-mart | 1 Webplatform\/appframework | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in WebPlatform / AppFramework 6.0 through 7.2 in NTT DATA INTRAMART intra-mart allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2016-0381 | 1 Ibm | 1 Cognos Tm1 | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty value. | |||||
| CVE-2016-3304 | 1 Microsoft | 8 Live Meeting, Lync, Office and 5 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3303. | |||||
| CVE-2014-3796 | 1 Vmware | 2 Nsx, Vcloud Networking And Security | 2025-04-12 | 5.0 MEDIUM | N/A |
| VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-8715 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
| CVE-2016-5691 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3) pixel.blue. | |||||
| CVE-2015-3758 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.3 MEDIUM | N/A |
| UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL. | |||||
| CVE-2015-4327 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 7.2 HIGH | N/A |
| The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542. | |||||
| CVE-2014-2112 | 1 Cisco | 1 Ios | 2025-04-12 | 7.8 HIGH | N/A |
| The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP requests, aka Bug ID CSCuf51357. | |||||
| CVE-2014-4400 | 1 Apple | 1 Mac Os X | 2025-04-12 | 6.9 MEDIUM | N/A |
| An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4401, and CVE-2014-4416. | |||||
| CVE-2012-1366 | 1 Cisco | 10 Asr 1001, Asr 1002, Asr 1002-x and 7 more | 2025-04-12 | 6.1 MEDIUM | N/A |
| Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544. | |||||
| CVE-2016-9157 | 1 Siemens | 1 Sicam Pas\/pqs | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP. | |||||