Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1138 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2025-04-12 | 4.3 MEDIUM | 4.7 MEDIUM |
| CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. | |||||
| CVE-2016-3963 | 1 Siemens | 1 Scalance S613 | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443. | |||||
| CVE-2015-0881 | 1 Squid-cache | 1 Squid | 2025-04-12 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. | |||||
| CVE-2016-5242 | 1 Xen | 1 Xen | 2025-04-12 | 4.7 MEDIUM | 5.6 MEDIUM |
| The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion. | |||||
| CVE-2014-9491 | 1 Illumos | 1 Illumos | 2025-04-12 | 5.0 MEDIUM | N/A |
| The devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors. | |||||
| CVE-2014-3631 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.2 HIGH | N/A |
| The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation. | |||||
| CVE-2015-8337 | 1 Huawei | 4 Mate 7, Mate 7 Firmware, P8 and 1 more | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
| The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, GRA-UL10 before GRA-UL10C00B220 and Mate7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 allows remote attackers to cause a denial of service (invalid memory access and reboot) via unspecified vectors related to "input null pointer as parameter." | |||||
| CVE-2015-0207 | 1 Openssl | 1 Openssl | 2025-04-12 | 5.0 MEDIUM | N/A |
| The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DTLS 1.0 traffic to a DTLS 1.2 server. | |||||
| CVE-2014-4511 | 1 Gitlist | 1 Gitlist | 2025-04-12 | 7.5 HIGH | N/A |
| Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/. | |||||
| CVE-2011-3628 | 1 Canonical | 2 Libpam-modules, Ubuntu Linux | 2025-04-12 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname. | |||||
| CVE-2016-2187 | 3 Canonical, Linux, Novell | 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 2 more | 2025-04-12 | 4.9 MEDIUM | 4.6 MEDIUM |
| The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
| CVE-2015-8650 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8649. | |||||
| CVE-2015-1137 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | N/A |
| The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type. | |||||
| CVE-2015-2167 | 1 Ericsson | 1 Drutt Mobile Service Delivery Platform | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp. | |||||
| CVE-2014-8093 | 1 X.org | 3 X11, Xfree86, Xorg-server | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write. | |||||
| CVE-2015-6456 | 1 Ge | 1 Mds Pulsenet | 2025-04-12 | 9.0 HIGH | N/A |
| GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. | |||||
| CVE-2016-1900 | 2 Cgit Project, Fedoraproject | 2 Cgit, Fedora | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename. | |||||
| CVE-2014-3574 | 1 Apache | 1 Poi | 2025-04-12 | 4.3 MEDIUM | N/A |
| Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack. | |||||
| CVE-2016-4831 | 1 Linecorp | 2 Line, Line Installer | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2013-6919 | 1 Phpthumb Project | 1 Phpthumb | 2025-04-12 | 4.3 MEDIUM | N/A |
| The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter. | |||||