Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-1086 |
The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. Published: April 10, 2015; 10:59:02 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2015-2822 |
Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. Published: April 08, 2015; 12:59:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-0799 |
The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header. Published: April 08, 2015; 6:59:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1843 |
The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. NOTE: this vulnerability exists because of a CVE-2014-5277 regression. Published: April 06, 2015; 11:59:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-0685 |
Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873. Published: April 02, 2015; 10:00:24 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-2819 |
SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. Published: April 01, 2015; 10:59:17 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2752 |
The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). Published: April 01, 2015; 10:59:06 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2015-0810 |
Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element. Published: April 01, 2015; 6:59:09 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-2776 |
The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook. Published: March 31, 2015; 10:59:12 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-2754 |
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) and possibly execute arbitrary code via a crafted workbook, related to a "premature EOF." Published: March 31, 2015; 10:59:11 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-2753 |
FreeXL before 1.0.0i allows remote attackers to cause a denial of service (stack corruption) or possibly execute arbitrary code via a crafted sector in a workbook. Published: March 31, 2015; 10:59:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-2684 |
Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. Published: March 31, 2015; 10:59:09 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-9462 |
The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. Published: March 31, 2015; 10:59:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-2790 |
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted (1) Ubyte Size in a DataSubBlock structure or (2) LZWMinimumCodeSize in a GIF image. Published: March 30, 2015; 10:59:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1609 |
MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. Published: March 30, 2015; 10:59:02 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-9653 |
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. Published: March 30, 2015; 6:59:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0679 |
The web-authentication functionality on Cisco Wireless LAN Controller (WLC) devices 7.3(103.8) and 7.4(110.0) allows remote attackers to cause a denial of service (device reload) via a malformed password, aka Bug ID CSCui57980. Published: March 27, 2015; 9:59:53 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.1 MEDIUM |
CVE-2015-0658 |
The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary commands as root by sending crafted response packets on the local network, aka Bug ID CSCur14589. Published: March 27, 2015; 9:59:49 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.9 HIGH |
CVE-2015-2765 |
The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Published: March 27, 2015; 10:59:14 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-0650 |
The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S, and 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) by sending malformed mDNS UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCup70579. Published: March 26, 2015; 6:59:14 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |