Total
227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3629 | 1 Apache | 1 Qpid | 2023-12-10 | 4.3 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message. | |||||
| CVE-2015-0081 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2023-12-10 | 9.3 HIGH | N/A |
| Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability." | |||||
| CVE-2015-0598 | 1 Cisco | 2 Ios, Ios Xe | 2023-12-10 | 6.8 MEDIUM | N/A |
| The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. | |||||
| CVE-2014-8826 | 1 Apple | 1 Mac Os X | 2023-12-10 | 5.0 MEDIUM | N/A |
| LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. | |||||
| CVE-2014-8598 | 1 Mantisbt | 1 Mantisbt | 2023-12-10 | 6.4 MEDIUM | N/A |
| The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code. | |||||
| CVE-2014-4492 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 7.5 HIGH | N/A |
| libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. | |||||
| CVE-2015-0614 | 1 Cisco | 1 Unity Connection | 2023-12-10 | 7.1 HIGH | N/A |
| The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267. | |||||
| CVE-2014-6053 | 3 Canonical, Debian, Libvncserver | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2023-12-10 | 5.0 MEDIUM | N/A |
| The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. | |||||
| CVE-2015-0615 | 1 Cisco | 1 Unity Connection | 2023-12-10 | 7.1 HIGH | N/A |
| The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089. | |||||
| CVE-2015-0060 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2023-12-10 | 4.7 MEDIUM | N/A |
| The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability." | |||||
| CVE-2015-0616 | 1 Cisco | 1 Unity Connection | 2023-12-10 | 7.1 HIGH | N/A |
| The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819. | |||||
| CVE-2014-8817 | 1 Apple | 1 Mac Os X | 2023-12-10 | 10.0 HIGH | N/A |
| coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command. | |||||
| CVE-2015-0613 | 1 Cisco | 1 Unity Connection | 2023-12-10 | 7.1 HIGH | N/A |
| The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul20444. | |||||
| CVE-2014-9194 | 1 Arbiter | 1 1094b Gps Substation Clock | 2023-12-10 | 7.8 HIGH | N/A |
| Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts. | |||||
| CVE-2014-4484 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 7.5 HIGH | N/A |
| FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file. | |||||
| CVE-2014-8298 | 1 Nvidia | 1 Gpu Driver | 2023-12-10 | 7.5 HIGH | N/A |
| The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allows remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code via a crafted GLX indirect rendering protocol request. | |||||
| CVE-2015-2285 | 1 Ubuntu | 2 Upstart, Vivid | 2023-12-10 | 7.2 HIGH | N/A |
| The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/. | |||||
| CVE-2015-0621 | 1 Cisco | 1 Telepresence Mcu 4500 Series Software | 2023-12-10 | 7.8 HIGH | N/A |
| Cisco TelePresence MCU devices with software 4.5(1.45) allow remote attackers to cause a denial of service (device reload) via an unspecified series of TCP packets, aka Bug ID CSCur50347. | |||||
| CVE-2015-0819 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2023-12-10 | 4.3 MEDIUM | N/A |
| The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site. | |||||
| CVE-2015-1648 | 1 Microsoft | 1 .net Framework | 2023-12-10 | 2.6 LOW | N/A |
| ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability." | |||||