| Severity | Description | ||||||
|---|---|---|---|---|---|---|---|
| CVE-2020-3222 | Medium | 4.3 v3 | 0.4% | - | -No fix available yet | 2020-06-03 | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting to the proxy service. An exploit could allow the attacker to bypass access restrictions on the network by proxying their access request through the management network of the affected device. As the proxy is reached over the management virtual routing and forwarding (VRF), this could reduce the effectiveness of the bypass. |
| CVE-2016-2169 | Medium | 5.3 v3 | 1.0% | - | Fix available | 2018-04-18 | Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service. |
| CVE-2016-10481 | Critical | 9.8 v3 | 1.3% | - | -No fix available yet | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, if WLAN FW receives the WMI_STA_SMPS_PARAM_CMDID ioctl in not-associated state, when the virtual channel handle is not assigned, the code doesn't check for NULL virtual channel handle, so an assert occurs. |
| CVE-2015-9213 | High | 7.5 v3 | 0.7% | - | -No fix available yet | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, the DIAG-EFS command EFS2_DIAG_DELTREE, which is handled by the function fs_diag_deltree_handler(), is used to delete files and directories only inside the /public folder. |
| CVE-2016-10075 | High | 7.8 v3 | 0.4% | - | Fix available | 2017-01-19 | The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory. |
| CVE-2016-10142 | High | 8.6 v3 | 2.7% | - | -No fix available yet | 2017-01-14 | An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that alrea |
| CVE-2016-3721 | Medium | 4.3 v3 | 2.1% | - | -No fix available yet | 2016-05-17 | Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables. |
| CVE-2015-5229 | High | 7.5 v3 | 2.2% | - | -No fix available yet | 2016-04-08 | The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. |
| CVE-2016-1640 | Medium | 4.3 v3 | 1.1% | - | -No fix available yet | 2016-03-06 | The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site. |
| CVE-2016-2314 | Medium | 4.9 v3 | 0.9% | - | -No fix available yet | 2016-02-15 | GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands. |
| CVE-2016-1943 | Medium | 4.7 v3 | 1.0% | - | -No fix available yet | 2016-01-31 | Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method. |
| CVE-2016-1940 | Medium | 5.3 v3 | 0.7% | - | -No fix available yet | 2016-01-31 | Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing. |
| CVE-2016-1571 | Medium | 6.3 v3 | 1.3% | - | Fix available | 2016-01-22 | The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check. |
| CVE-2015-8547 | High | 7.5 v3 | 2.8% | - | Fix available | 2016-01-08 | The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. |
| CVE-2015-8027 | High | 7.5 v3 | 5.4% | - | Fix available | 2016-01-02 | Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request. |
| CVE-2015-7410 | High | 7.4 v3 | 0.9% | - | -No fix available yet | 2016-01-01 | The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors. |
| CVE-2015-4943 | Medium | 5.3 v3 | 2.4% | - | -No fix available yet | 2016-01-01 | IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942. |
| CVE-2015-4941 | Medium | 5.3 v3 | 2.4% | - | -No fix available yet | 2016-01-01 | IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors. |
| CVE-2015-7441 | Medium | 6.8 v3 | 1.4% | - | -No fix available yet | 2016-01-01 | Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. |
| CVE-2015-7793 | Medium | 5.8 v3 | 1.6% | - | -No fix available yet | 2015-12-30 | Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors. |
| CVE-2015-8340 | Medium | 4.7 v2 | 0.4% | - | Fix available | 2015-12-17 | The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling. |
| CVE-2015-7204 | Medium | 6.8 v2 | 3.5% | - | Fix available | 2015-12-16 | Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. |
| CVE-2015-7045 | Medium | 5.0 v2 | 1.5% | - | -No fix available yet | 2015-12-11 | Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors. |
| CVE-2015-0859 | High | 7.5 v2 | 2.3% | - | Fix available | 2015-12-03 | The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments. |
| CVE-2015-8216 | High | 7.5 v2 | 2.4% | - | Fix available | 2015-11-17 | The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. |
| CVE-2015-4963 | High | 7.5 v2 | 3.3% | - | -No fix available yet | 2015-11-08 | IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors. |
| CVE-2015-8082 | High | 7.5 v2 | 1.6% | - | -No fix available yet | 2015-11-06 | The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL Login modules. |
| CVE-2015-7200 | High | 7.5 v2 | 2.1% | - | Fix available | 2015-11-05 | The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. |
| CVE-2015-7196 | Medium | 6.8 v2 | 3.7% | - | Fix available | 2015-11-05 | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. |
| CVE-2015-7192 | High | 7.5 v2 | 3.0% | - | -No fix available yet | 2015-11-05 | The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. |
| CVE-2015-7023 | Medium | 5.8 v2 | 1.6% | - | -No fix available yet | 2015-10-23 | CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. |
| CVE-2015-7035 | High | 7.5 v2 | 1.8% | - | -No fix available yet | 2015-10-23 | Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors. |
| CVE-2015-7030 | High | 7.5 v2 | 1.6% | - | -No fix available yet | 2015-10-23 | The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. |
| CVE-2015-7833 | Medium | 4.9 v2 | 0.7% | - | Fix available | 2015-10-19 | The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor. |
| CVE-2015-0275 | Medium | 4.9 v2 | 0.5% | - | Fix available | 2015-10-19 | The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request. |
| CVE-2015-6760 | High | 7.5 v2 | 1.4% | - | -No fix available yet | 2015-10-15 | The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device. |
| CVE-2015-6758 | Medium | 6.8 v2 | 1.4% | - | -No fix available yet | 2015-10-15 | The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. |
| CVE-2015-5915 | Medium | 5.0 v2 | 1.5% | - | -No fix available yet | 2015-10-09 | Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. |
| CVE-2015-5914 | Medium | 4.7 v2 | 0.4% | - | -No fix available yet | 2015-10-09 | The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. |
| CVE-2015-5894 | Medium | 4.3 v2 | 0.8% | - | -No fix available yet | 2015-10-09 | The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. |
| CVE-2015-5887 | High | 10.0 v2 | 2.5% | - | -No fix available yet | 2015-10-09 | The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data. |
| CVE-2015-7311 | Low | 3.6 v2 | 0.4% | - | Fix available | 2015-10-01 | libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. |
| CVE-2015-5912 | Medium | 5.0 v2 | 1.7% | - | -No fix available yet | 2015-09-18 | The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. |
| CVE-2015-2535 | Medium | 4.0 v2 | 12% | - | -No fix available yet | 2015-09-09 | Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machine accounts, aka "Active Directory Denial of Service Vulnerability." |
| CVE-2015-2526 | Medium | 5.0 v2 | 24% | - | -No fix available yet | 2015-09-09 | Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka "MVC Denial of Service Vulnerability." |
| CVE-2015-1841 | Low | 3.7 v2 | 0.3% | - | -No fix available yet | 2015-09-08 | The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. |
| CVE-2015-6823 | High | 7.5 v2 | 2.4% | - | Fix available | 2015-09-06 | The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. |
| CVE-2015-6822 | High | 7.5 v2 | 2.4% | - | Fix available | 2015-09-06 | The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data. |
| CVE-2015-6818 | High | 7.5 v2 | 2.4% | - | Fix available | 2015-09-06 | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks. |
| CVE-2015-6736 | Medium | 5.0 v2 | 2.7% | - | -No fix available yet | 2015-09-01 | The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression. |
- MediumCVSS 4.3 v3·EPSS 0.4%·No fix yet
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at a specific endpoint of the web UI. An attacker could exploit this vulnerability by connecting to the proxy service. An exploit could allow the attacker to bypass access restrictions on the network by proxying their access request through the management network of the affected device. As the proxy is reached over the management virtual routing and forwarding (VRF), this could reduce the effectiveness of the bypass.
Published 2020-06-03
- MediumCVSS 5.3 v3·EPSS 1.0%·Fix available
Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service.
Published 2018-04-18
- CriticalCVSS 9.8 v3·EPSS 1.3%·No fix yet
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, if WLAN FW receives the WMI_STA_SMPS_PARAM_CMDID ioctl in not-associated state, when the virtual channel handle is not assigned, the code doesn't check for NULL virtual channel handle, so an assert occurs.
Published 2018-04-18
- HighCVSS 7.5 v3·EPSS 0.7%·No fix yet
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, the DIAG-EFS command EFS2_DIAG_DELTREE, which is handled by the function fs_diag_deltree_handler(), is used to delete files and directories only inside the /public folder.
Published 2018-04-18
- HighCVSS 7.8 v3·EPSS 0.4%·Fix available
The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.
Published 2017-01-19
- HighCVSS 8.6 v3·EPSS 2.7%·No fix yet
An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that alrea
Published 2017-01-14
- MediumCVSS 4.3 v3·EPSS 2.1%·No fix yet
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
Published 2016-05-17
- HighCVSS 7.5 v3·EPSS 2.2%·No fix yet
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
Published 2016-04-08
- MediumCVSS 4.3 v3·EPSS 1.1%·No fix yet
The Web Store inline-installer implementation in the Extensions UI in Google Chrome before 49.0.2623.75 does not block installations upon deletion of an installation frame, which makes it easier for remote attackers to trick a user into believing that an installation request originated from the user's next navigation target via a crafted web site.
Published 2016-03-06
- MediumCVSS 4.9 v3·EPSS 0.9%·No fix yet
GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands.
Published 2016-02-15
- MediumCVSS 4.7 v3·EPSS 1.0%·No fix yet
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
Published 2016-01-31
- MediumCVSS 5.3 v3·EPSS 0.7%·No fix yet
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.
Published 2016-01-31
- MediumCVSS 6.3 v3·EPSS 1.3%·Fix available
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
Published 2016-01-22
- HighCVSS 7.5 v3·EPSS 2.8%·Fix available
The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.
Published 2016-01-08
- HighCVSS 7.5 v3·EPSS 5.4%·Fix available
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request.
Published 2016-01-02
- HighCVSS 7.4 v3·EPSS 0.9%·No fix yet
The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
Published 2016-01-01
- MediumCVSS 5.3 v3·EPSS 2.4%·No fix yet
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942.
Published 2016-01-01
- MediumCVSS 5.3 v3·EPSS 2.4%·No fix yet
IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.
Published 2016-01-01
- MediumCVSS 6.8 v3·EPSS 1.4%·No fix yet
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
Published 2016-01-01
- MediumCVSS 5.8 v3·EPSS 1.6%·No fix yet
Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.
Published 2015-12-30
- MediumCVSS 4.7 v2·EPSS 0.4%·Fix available
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handling.
Published 2015-12-17
- MediumCVSS 6.8 v2·EPSS 3.5%·Fix available
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.
Published 2015-12-16
- MediumCVSS 5.0 v2·EPSS 1.5%·No fix yet
Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors.
Published 2015-12-11
- HighCVSS 7.5 v2·EPSS 2.3%·Fix available
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.
Published 2015-12-03
- HighCVSS 7.5 v2·EPSS 2.4%·Fix available
The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.
Published 2015-11-17
- HighCVSS 7.5 v2·EPSS 3.3%·No fix yet
IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
Published 2015-11-08
- HighCVSS 7.5 v2·EPSS 1.6%·No fix yet
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL Login modules.
Published 2015-11-06
- HighCVSS 7.5 v2·EPSS 2.1%·Fix available
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.
Published 2015-11-05
- MediumCVSS 6.8 v2·EPSS 3.7%·Fix available
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.
Published 2015-11-05
- HighCVSS 7.5 v2·EPSS 3.0%·No fix yet
The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index.
Published 2015-11-05
- MediumCVSS 5.8 v2·EPSS 1.6%·No fix yet
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
Published 2015-10-23
- HighCVSS 7.5 v2·EPSS 1.8%·No fix yet
Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors.
Published 2015-10-23
- HighCVSS 7.5 v2·EPSS 1.6%·No fix yet
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors.
Published 2015-10-23
- MediumCVSS 4.9 v2·EPSS 0.7%·Fix available
The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.
Published 2015-10-19
- MediumCVSS 4.9 v2·EPSS 0.5%·Fix available
The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.
Published 2015-10-19
- HighCVSS 7.5 v2·EPSS 1.4%·No fix yet
The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attackers to cause a denial of service (invalid read or write) or possibly have unspecified other impact via vectors involving a removed device.
Published 2015-10-15
- MediumCVSS 6.8 v2·EPSS 1.4%·No fix yet
The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
Published 2015-10-15
- MediumCVSS 5.0 v2·EPSS 1.5%·No fix yet
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
Published 2015-10-09
- MediumCVSS 4.7 v2·EPSS 0.4%·No fix yet
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498.
Published 2015-10-09
- MediumCVSS 4.3 v2·EPSS 0.8%·No fix yet
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
Published 2015-10-09
- HighCVSS 10.0 v2·EPSS 2.5%·No fix yet
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
Published 2015-10-09
- CVSS 3.6 v2·EPSS 0.4%·Fix available
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
Published 2015-10-01
- MediumCVSS 5.0 v2·EPSS 1.7%·No fix yet
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
Published 2015-09-18
- MediumCVSS 4.0 v2·EPSS 12%·No fix yet
Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machine accounts, aka "Active Directory Denial of Service Vulnerability."
Published 2015-09-09
- MediumCVSS 5.0 v2·EPSS 24%·No fix yet
Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka "MVC Denial of Service Vulnerability."
Published 2015-09-09
- CVSS 3.7 v2·EPSS 0.3%·No fix yet
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.
Published 2015-09-08
- HighCVSS 7.5 v2·EPSS 2.4%·Fix available
The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.
Published 2015-09-06
- HighCVSS 7.5 v2·EPSS 2.4%·Fix available
The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.
Published 2015-09-06
- HighCVSS 7.5 v2·EPSS 2.4%·Fix available
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.
Published 2015-09-06
- MediumCVSS 5.0 v2·EPSS 2.7%·No fix yet
The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression.
Published 2015-09-01
Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.