Search Results (24238 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4722 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
The IDS - Connectivity component in Apple iOS before 10 and OS X before 10.12 allows man-in-the-middle attackers to conduct Call Relay spoofing attacks and cause a denial of service via unspecified vectors.
CVE-2016-2570 2 Redhat, Squid-cache 2 Enterprise Linux, Squid 2025-04-12 N/A
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
CVE-2014-7994 1 Cisco 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more 2025-04-12 N/A
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991.
CVE-2014-3291 1 Cisco 1 Wireless Lan Controller 2025-04-12 N/A
Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321.
CVE-2015-8879 2 Php, Redhat 2 Php, Rhel Software Collections 2025-04-12 7.5 High
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.
CVE-2016-2569 2 Redhat, Squid-cache 2 Enterprise Linux, Squid 2025-04-12 N/A
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
CVE-2016-1008 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-04-12 N/A
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2016-4852 2 Aki-null, Apple 2 Yorufukurou, Mac Os X 2025-04-12 N/A
YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-tone modifiers even though this support is missing from the CoreText CTFramesetter API on OS X 10.9, which allows remote attackers to cause a denial of service (application crash) via a crafted emoji character sequence.
CVE-2016-4353 2 Canonical, Gnupg 2 Ubuntu Linux, Libksba 2025-04-12 N/A
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data.
CVE-2015-8019 1 Linux 1 Linux Kernel 2025-04-12 N/A
The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.
CVE-2016-4728 2 Apple, Microsoft 5 Iphone Os, Itunes, Safari and 2 more 2025-04-12 N/A
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2016-4960 1 Nvidia 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more 2025-04-12 N/A
For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege.
CVE-2016-4961 1 Nvidia 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more 2025-04-12 N/A
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers.
CVE-2016-0287 2 Ibm, Microsoft 2 I Access, Windows 2025-04-12 N/A
IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors.
CVE-2015-7548 2 Openstack, Redhat 2 Nova, Openstack 2025-04-12 N/A
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
CVE-2016-2088 1 Isc 1 Bind 2025-04-12 N/A
resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.
CVE-2016-4967 1 Fortinet 1 Fortiwan 2025-04-12 N/A
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2) PCAP files via script/system/tcpdump.php.
CVE-2016-0792 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
CVE-2015-1932 1 Ibm 2 Websphere Application Server, Websphere Virtual Enterprise 2025-04-12 N/A
IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header.
CVE-2016-4431 1 Apache 1 Struts 2025-04-12 N/A
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.