Total
11766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1609 | 2 Fedoraproject, Mongodb | 2 Fedora, Mongodb | 2025-04-12 | 5.0 MEDIUM | N/A |
| MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | |||||
| CVE-2011-3195 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | 6.5 MEDIUM | N/A |
| shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options. | |||||
| CVE-2016-0381 | 1 Ibm | 1 Cognos Tm1 | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service (configuration outage) via a non-empty value. | |||||
| CVE-2013-2809 | 1 Osisoft | 1 Pi Interface | 2025-04-12 | 7.1 HIGH | N/A |
| The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows remote attackers to cause a denial of service (interface shutdown) via a crafted TCP packet. | |||||
| CVE-2014-3327 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
| The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.2.xXO, 3.3.xSG, 3.4.xSG, and 3.5.xE before 3.5.3E allows remote attackers to cause a denial of service (device reload) via a crafted IPv4 packet, aka Bug ID CSCup52101. | |||||
| CVE-2014-5120 | 1 Php | 1 Php | 2025-04-12 | 6.4 MEDIUM | N/A |
| gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. | |||||
| CVE-2016-4085 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. | |||||
| CVE-2013-7236 | 1 Simplemachines | 1 Simple Machines Forum | 2025-04-12 | 7.5 HIGH | N/A |
| Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username. | |||||
| CVE-2015-0756 | 1 Cisco | 1 Wireless Lan Controller | 2025-04-12 | 6.1 MEDIUM | N/A |
| Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104. | |||||
| CVE-2015-5837 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | 4.3 MEDIUM | N/A |
| PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. | |||||
| CVE-2015-0644 | 1 Cisco | 1 Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
| AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via a crafted TCP packet, aka Bug ID CSCuo53622. | |||||
| CVE-2014-1360 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
| Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors. | |||||
| CVE-2016-7417 | 1 Php | 1 Php | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data. | |||||
| CVE-2015-4652 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-12 | 4.3 MEDIUM | N/A |
| epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. | |||||
| CVE-2014-9060 | 1 Moodle | 1 Moodle | 2025-04-12 | 5.0 MEDIUM | N/A |
| The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via a modified URL, related to mod/lti/locallib.php and mod/lti/return.php. | |||||
| CVE-2015-2506 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
| atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (system crash) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." | |||||
| CVE-2016-5340 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name. | |||||
| CVE-2015-2776 | 2 Debian, Gaia-gis | 2 Debian Linux, Freexl | 2025-04-12 | 4.3 MEDIUM | N/A |
| The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook. | |||||
| CVE-2014-6365 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6328. | |||||
| CVE-2015-6934 | 1 Vmware | 2 Vcenter Orchestrator, Vrealize Orchestrator | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||