Total
227 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2682 | 1 Zend | 10 Zend Framework, Zendopenid, Zendrest and 7 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. | |||||
CVE-2015-1229 | 3 Canonical, Google, Redhat | 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more | 2023-12-10 | 5.0 MEDIUM | N/A |
net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. | |||||
CVE-2014-9350 | 1 Tp-link | 2 Tl-wr740n, Tl-wr740n Firmware | 2023-12-10 | 5.0 MEDIUM | N/A |
TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm. | |||||
CVE-2015-1827 | 2 Fedoraproject, Freeipa | 2 Fedora, Freeipa | 2023-12-10 | 5.0 MEDIUM | N/A |
The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups. | |||||
CVE-2014-8822 | 1 Apple | 1 Mac Os X | 2023-12-10 | 10.0 HIGH | N/A |
IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method. | |||||
CVE-2014-7928 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy. | |||||
CVE-2015-1062 | 1 Apple | 2 Iphone Os, Tvos | 2023-12-10 | 5.0 MEDIUM | N/A |
MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app. | |||||
CVE-2015-0097 | 1 Microsoft | 3 Excel, Powerpoint, Word | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Word Local Zone Remote Code Execution Vulnerability." | |||||
CVE-2014-9034 | 1 Wordpress | 1 Wordpress | 2023-12-10 | 5.0 MEDIUM | N/A |
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016. | |||||
CVE-2015-0560 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2023-12-10 | 5.0 MEDIUM | N/A |
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2014-7141 | 1 Squid-cache | 1 Squid | 2023-12-10 | 6.4 MEDIUM | N/A |
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet. | |||||
CVE-2013-4769 | 1 Eucalyptus | 1 Eucalyptus | 2023-12-10 | 4.3 MEDIUM | N/A |
The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x before 3.4.2, when the dns.recursive.enabled setting is used, allows remote attackers to cause a denial of service (traffic amplification) via spoofed DNS queries. | |||||
CVE-2014-6089 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2023-12-10 | 4.0 MEDIUM | N/A |
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote authenticated users to cause a denial of service (disrupted system operations) by uploading a file to a protected area. | |||||
CVE-2014-3916 | 1 Rubyonrails | 1 Rails | 2023-12-10 | 5.0 MEDIUM | N/A |
The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string. | |||||
CVE-2014-2681 | 1 Zend | 10 Zend Framework, Zendopenid, Zendrest and 7 more | 2023-12-10 | 6.4 MEDIUM | N/A |
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. | |||||
CVE-2014-4488 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2023-12-10 | 10.0 HIGH | N/A |
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2014-8014 | 1 Cisco | 1 Ios Xr | 2023-12-10 | 5.0 MEDIUM | N/A |
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCub63710. | |||||
CVE-2014-3756 | 1 Mumble | 1 Mumble | 2023-12-10 | 5.0 MEDIUM | N/A |
The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip. | |||||
CVE-2014-9221 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. | |||||
CVE-2015-2239 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | N/A |
Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging (1) a compromised search engine or (2) an XSS vulnerability in a search engine, a different vulnerability than CVE-2015-1231. |