Total
12945 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0584 | 1 Cisco | 1 Desktop Collaboration Experience Dx650 | 2025-04-12 | N/A |
| The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947. | ||||
| CVE-2016-1929 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978. | ||||
| CVE-2015-0578 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | N/A |
| Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local network, aka Bug ID CSCur45455. | ||||
| CVE-2015-0563 | 3 Opensuse, Redhat, Wireshark | 3 Opensuse, Enterprise Linux, Wireshark | 2025-04-12 | N/A |
| epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | ||||
| CVE-2015-3192 | 4 Fedoraproject, Pivotal Software, Redhat and 1 more | 8 Fedora, Spring Framework, Jboss Amq and 5 more | 2025-04-12 | N/A |
| Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. | ||||
| CVE-2015-0547 | 1 Emc | 1 Documentum D2 | 2025-04-12 | N/A |
| The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. | ||||
| CVE-2012-5336 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV. | ||||
| CVE-2014-3880 | 1 Freebsd | 1 Freebsd | 2025-04-12 | N/A |
| The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a process before all threads have terminated, which allows local users to cause a denial of service (triple-fault and system reboot) via a crafted system call, which triggers an invalid page table pointer dereference. | ||||
| CVE-2014-3822 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2025-04-12 | N/A |
| Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4. | ||||
| CVE-2014-3657 | 2 Libvirt, Redhat | 2 Libvirt, Enterprise Linux | 2025-04-12 | N/A |
| The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command. | ||||
| CVE-2016-4332 | 1 Hdfgroup | 1 Hdf5 | 2025-04-12 | N/A |
| The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. | ||||
| CVE-2014-3440 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2025-04-12 | N/A |
| The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file. | ||||
| CVE-2015-2187 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2025-04-12 | N/A |
| The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. | ||||
| CVE-2014-3285 | 1 Cisco | 1 Wide Area Application Services | 2025-04-12 | N/A |
| Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when SharePoint acceleration is enabled, does not properly parse SharePoint responses, which allows remote attackers to cause a denial of service (application-optimization handler reload) via a crafted SharePoint application, aka Bug ID CSCue47674. | ||||
| CVE-2015-3885 | 2 Dcraw Project, Fedoraproject | 2 Dcraw, Fedora | 2025-04-12 | N/A |
| Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. | ||||
| CVE-2014-3284 | 1 Cisco | 9 Asr 1001, Asr 1002, Asr 1002-x and 6 more | 2025-04-12 | N/A |
| Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180. | ||||
| CVE-2016-7162 | 2 Canonical, File Roller Project | 2 Ubuntu Linux, File Roller | 2025-04-12 | 7.5 High |
| The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. | ||||
| CVE-2014-3268 | 1 Cisco | 2 Ios, Unified Border Element | 2025-04-12 | N/A |
| Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service (input-queue consumption and traffic-processing outage) via crafted RTCP packets, aka Bug ID CSCuj72215. | ||||
| CVE-2014-8680 | 1 Isc | 1 Bind | 2025-04-12 | N/A |
| The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options. | ||||
| CVE-2014-2899 | 1 Yassl | 1 Cyassl | 2025-04-12 | N/A |
| wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found. | ||||