Total
29854 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1879 | 1 Freebsd | 1 Freebsd | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet. | |||||
| CVE-2014-3660 | 5 Apple, Canonical, Debian and 2 more | 5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. | |||||
| CVE-2015-7298 | 2 Owncloud, Qt | 2 Owncloud Desktop Client, Qt | 2025-04-12 | 5.1 MEDIUM | N/A |
| ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. | |||||
| CVE-2014-1345 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site. | |||||
| CVE-2015-7303 | 1 Avira | 1 Management Console | 2025-04-12 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header. | |||||
| CVE-2015-7067 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
| IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to cause a denial of service (NULL pointer dereference) via an unspecified userclient type. | |||||
| CVE-2016-2175 | 2 Apache, Debian | 2 Pdfbox, Debian Linux | 2025-04-12 | 7.5 HIGH | 7.8 HIGH |
| Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. | |||||
| CVE-2016-1900 | 2 Cgit Project, Fedoraproject | 2 Cgit, Fedora | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename. | |||||
| CVE-2016-1679 | 6 Canonical, Debian, Google and 3 more | 9 Ubuntu Linux, Debian Linux, Chrome and 6 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code. | |||||
| CVE-2013-4143 | 1 David Bagley | 1 Xlockmore | 2025-04-12 | 2.1 LOW | N/A |
| The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemented in glibc 2.17 and later, which allows attackers to bypass the screen lock via vectors related to invalid salts. | |||||
| CVE-2015-8642 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. | |||||
| CVE-2013-7220 | 1 Gnome | 1 Gnome-shell | 2025-04-12 | 4.6 MEDIUM | N/A |
| js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search. | |||||
| CVE-2015-1317 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2025-04-12 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists. | |||||
| CVE-2015-4510 | 1 Mozilla | 1 Firefox | 2025-04-12 | 6.8 MEDIUM | N/A |
| Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation. | |||||
| CVE-2014-8137 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Linux | 2025-04-12 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file. | |||||
| CVE-2015-7658 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionInstanceOf arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. | |||||
| CVE-2015-6538 | 1 Ephiphanyheathdata | 1 Cardio Server | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL. | |||||
| CVE-2015-4177 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call. | |||||
| CVE-2015-0325 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0326 and CVE-2015-0328. | |||||
| CVE-2016-0160 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Internet Explorer 11 mishandles DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." | |||||