Total
12940 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3093 | 2 Apache, Ognl Project | 2 Struts, Ognl | 2025-04-12 | N/A |
| Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. | ||||
| CVE-2012-5017 | 1 Cisco | 8 Asr 1001, Asr 1002, Asr 1002-x and 5 more | 2025-04-12 | N/A |
| Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID CSCub39268. | ||||
| CVE-2016-3071 | 2 Fedoraproject, Libreswan | 2 Fedora, Libreswan | 2025-04-12 | N/A |
| Libreswan 3.16 might allow remote attackers to cause a denial of service (daemon restart) via an IKEv2 aes_xcbc transform. | ||||
| CVE-2014-9415 | 1 Huawei | 1 Espace Desktop | 2025-04-12 | N/A |
| Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file. | ||||
| CVE-2016-0092 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | N/A |
| OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0091. | ||||
| CVE-2014-0106 | 3 Apple, Redhat, Todd Miller | 3 Mac Os X, Enterprise Linux, Sudo | 2025-04-12 | N/A |
| Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable. | ||||
| CVE-2015-8489 | 1 Cybozu | 1 Office | 2025-04-12 | N/A |
| customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153. | ||||
| CVE-2014-0488 | 1 Debian | 1 Advanced Package Tool | 2025-04-12 | N/A |
| APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. | ||||
| CVE-2011-3195 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | N/A |
| shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options. | ||||
| CVE-2014-9509 | 1 Typo3 | 1 Typo3 | 2025-04-12 | N/A |
| The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page. | ||||
| CVE-2015-8564 | 1 Joomla | 1 Joomla\! | 2025-04-12 | N/A |
| Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. | ||||
| CVE-2016-1345 | 1 Cisco | 2 Asa With Firepower Services, Firesight System Software | 2025-04-12 | N/A |
| Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726. | ||||
| CVE-2016-1328 | 1 Cisco | 2 Epc3928, Epc3928 Firmware | 2025-04-12 | N/A |
| goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948. | ||||
| CVE-2016-2935 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | N/A |
| The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request. | ||||
| CVE-2016-2786 | 1 Puppet | 2 Puppet Agent, Puppet Enterprise | 2025-04-12 | 9.8 Critical |
| The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate. | ||||
| CVE-2013-2073 | 1 Transifex | 1 Transifex | 2025-04-12 | N/A |
| Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. | ||||
| CVE-2015-1049 | 1 Siemens | 10 Scalance X-200 Series Firmware, Scalance X201-3p Irt Pro, Scalance X201-3pirt and 7 more | 2025-04-12 | N/A |
| The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors. | ||||
| CVE-2015-8705 | 1 Isc | 1 Bind | 2025-04-12 | N/A |
| buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. | ||||
| CVE-2014-6429 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2025-04-12 | N/A |
| The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | ||||
| CVE-2015-8716 | 1 Wireshark | 1 Wireshark | 2025-04-12 | N/A |
| The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | ||||