Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-0652 |
The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192. Published: March 12, 2015; 9:59:31 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-0523 |
EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header. Published: March 12, 2015; 6:59:02 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-2187 |
The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. Published: March 07, 2015; 9:59:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0228 |
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. Published: March 07, 2015; 9:59:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-2177 |
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. Published: March 06, 2015; 9:59:09 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2014-9369 |
Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets. Published: March 06, 2015; 9:59:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-1483 |
Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. Published: March 05, 2015; 10:00:25 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0661 |
The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. Published: March 05, 2015; 10:00:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-0657 |
Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. Published: March 05, 2015; 10:00:14 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-8160 |
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. Published: March 02, 2015; 6:59:02 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0633 |
The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending crafted DHCP response packets on the local network, aka Bug ID CSCuf52876. Published: February 25, 2015; 8:59:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-2055 |
Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter. Published: February 23, 2015; 12:59:12 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-2053 |
The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability. Published: February 23, 2015; 12:59:10 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-0624 |
The web framework in Cisco AsyncOS on Email Security Appliance (ESA), Content Security Management Appliance (SMA), and Web Security Appliance (WSA) devices allows remote attackers to trigger redirects via a crafted HTTP header, aka Bug IDs CSCur44412, CSCur44415, CSCur89630, CSCur89636, CSCur89633, and CSCur89639. Published: February 21, 2015; 6:59:02 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-0879 |
CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment. Published: February 20, 2015; 6:59:02 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-0584 |
The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947. Published: February 19, 2015; 9:59:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-1604 |
Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/. Published: February 19, 2015; 10:59:18 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2012-6687 |
FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause a denial of service (segmentation fault and crash) via a large number of connections. Published: February 19, 2015; 10:59:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0626 |
The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114. Published: February 18, 2015; 7:59:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-0622 |
The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that are improperly handled during rendering of the Signature Events Summary page, aka Bug ID CSCus46861. Published: February 18, 2015; 7:59:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.1 HIGH |