Total
166 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4620 | 1 Isc | 1 Bind | 2018-10-30 | 7.8 HIGH | N/A |
| name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone. | |||||
| CVE-2015-7311 | 1 Xen | 1 Xen | 2018-10-30 | 3.6 LOW | N/A |
| libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. | |||||
| CVE-2015-2751 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2018-10-30 | 7.1 HIGH | N/A |
| Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. | |||||
| CVE-2016-1571 | 2 Citrix, Xen | 2 Xenserver, Xen | 2018-10-30 | 4.7 MEDIUM | 6.3 MEDIUM |
| The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check. | |||||
| CVE-2016-10075 | 1 Tqdm Project | 1 Tqdm | 2018-10-21 | 4.6 MEDIUM | 7.8 HIGH |
| The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory. | |||||
| CVE-2015-2526 | 1 Microsoft | 1 .net Framework | 2018-10-12 | 5.0 MEDIUM | N/A |
| Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka "MVC Denial of Service Vulnerability." | |||||
| CVE-2015-1728 | 1 Microsoft | 1 Windows Media Player | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability." | |||||
| CVE-2015-5912 | 1 Apple | 2 Iphone Os, Mac Os X | 2018-10-09 | 5.0 MEDIUM | N/A |
| The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. | |||||
| CVE-2014-9707 | 1 Embedthis | 1 Goahead | 2018-10-09 | 7.5 HIGH | N/A |
| EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI. | |||||
| CVE-2014-9143 | 1 Technicolor | 1 Td5130 Router Firmware | 2018-10-09 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter. | |||||
| CVE-2015-1935 | 1 Ibm | 1 Db2 | 2018-09-26 | 8.0 HIGH | N/A |
| The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-9222 | 1 Allegrosoft | 1 Rompager | 2018-08-31 | 10.0 HIGH | N/A |
| AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability. | |||||
| CVE-2016-2169 | 1 Cloudfoundry | 3 Capi-release, Cf-release, Cloud Controller | 2018-05-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service. | |||||
| CVE-2015-9213 | 1 Qualcomm | 70 Mdm9206, Mdm9206 Firmware, Mdm9607 and 67 more | 2018-05-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, the DIAG-EFS command EFS2_DIAG_DELTREE, which is handled by the function fs_diag_deltree_handler(), is used to delete files and directories only inside the /public folder. | |||||
| CVE-2016-10481 | 1 Qualcomm | 52 Mdm9607, Mdm9607 Firmware, Mdm9635m and 49 more | 2018-05-02 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, if WLAN FW receives the WMI_STA_SMPS_PARAM_CMDID ioctl in not-associated state, when the virtual channel handle is not assigned, the code doesn't check for NULL virtual channel handle, so an assert occurs. | |||||
| CVE-2015-1805 | 2 Google, Linux | 2 Android, Linux Kernel | 2018-01-05 | 7.2 HIGH | N/A |
| The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." | |||||
| CVE-2015-1799 | 1 Ntp | 1 Ntp | 2018-01-05 | 4.3 MEDIUM | N/A |
| The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. | |||||
| CVE-2006-5757 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 1.2 LOW | N/A |
| Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures. | |||||
| CVE-2015-0173 | 1 Ibm | 1 Websphere Mq Internet Pass Thru | 2017-09-23 | 4.3 MEDIUM | N/A |
| The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value. | |||||
| CVE-2015-5748 | 1 Apple | 3 Iphone Os, Mac Os X, Safari | 2017-09-21 | 2.1 LOW | N/A |
| The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. | |||||