Total
227 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4828 | 1 Collne | 1 Welcart E-commerce | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. | |||||
CVE-2016-3305 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3306. | |||||
CVE-2016-0808 | 1 Google | 1 Android | 2023-12-10 | 4.9 MEDIUM | 6.2 MEDIUM |
Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298. | |||||
CVE-2016-0077 | 1 Microsoft | 2 Edge, Internet Explorer | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | |||||
CVE-2015-3294 | 2 Oracle, Thekelleys | 2 Solaris, Dnsmasq | 2023-12-10 | 6.4 MEDIUM | N/A |
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request. | |||||
CVE-2015-3763 | 1 Apple | 1 Iphone Os | 2023-12-10 | 4.3 MEDIUM | N/A |
Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. | |||||
CVE-2015-8240 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 and BIG-IP PSM before 11.4.1 HF10 does not properly handle TCP options, which allows remote attackers to cause a denial of service via unspecified vectors, related to the tm.minpathmtu database variable. | |||||
CVE-2016-4477 | 1 Google | 1 Android | 2023-12-10 | 4.4 MEDIUM | 7.8 HIGH |
wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command. | |||||
CVE-2016-0150 | 1 Microsoft | 1 Windows 10 | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." | |||||
CVE-2015-5344 | 1 Apache | 1 Camel | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. | |||||
CVE-2015-8772 | 1 Mcafee | 1 File Lock | 2023-12-10 | 8.5 HIGH | 9.1 CRITICAL |
McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call. | |||||
CVE-2016-0379 | 1 Ibm | 1 Websphere Mq | 2023-12-10 | 3.5 LOW | 3.1 LOW |
IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights. | |||||
CVE-2015-1574 | 1 Google | 1 Email | 2023-12-10 | 5.0 MEDIUM | N/A |
The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service (persistent application crash) via a "Content-Disposition: ;" header in an e-mail message. | |||||
CVE-2015-0612 | 1 Cisco | 3 Unity Connection, Unity Connection 8.5, Unity Connection 8.6 | 2023-12-10 | 7.1 HIGH | N/A |
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062. | |||||
CVE-2014-0227 | 1 Apache | 1 Tomcat | 2023-12-10 | 6.4 MEDIUM | N/A |
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. | |||||
CVE-2015-2188 | 5 Debian, Mageia, Opensuse and 2 more | 6 Debian Linux, Mageia, Opensuse and 3 more | 2023-12-10 | 5.0 MEDIUM | N/A |
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression. | |||||
CVE-2015-0618 | 1 Cisco | 3 Carrier Routing System, Ios Xr, Network Convergence System 6000 | 2023-12-10 | 7.1 HIGH | N/A |
Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (line-card reload) via malformed IPv6 packets with extension headers, aka Bug ID CSCuq95241. | |||||
CVE-2014-6610 | 1 Digium | 2 Asterisk, Certified Asterisk | 2023-12-10 | 4.0 MEDIUM | N/A |
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application. | |||||
CVE-2015-0695 | 1 Cisco | 7 Asr 9001, Asr 9006, Asr 9010 and 4 more | 2023-12-10 | 7.8 HIGH | N/A |
Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957. | |||||
CVE-2015-2190 | 3 Opensuse, Oracle, Wireshark | 3 Opensuse, Solaris, Wireshark | 2023-12-10 | 5.0 MEDIUM | N/A |
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. |