Search Results (363341 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-0694 1 Cisco 7 Asr 9001, Asr 9006, Asr 9010 and 4 more 2025-04-12 N/A
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806.
CVE-2013-3481 1 B-e-soft 2 Artweaver Free, Artweaver Plus 2025-04-12 N/A
Stack-based buffer overflow in Artweaver Plus and Free before 3.1.5 allows remote attackers to execute arbitrary code via a crafted JPG image file.
CVE-2015-0705 1 Cisco 1 Unified Meetingplace 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the SOAP API endpoints of the web-services directory in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts, aka Bug ID CSCus97494.
CVE-2015-0707 1 Cisco 1 Firesight System Software 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425.
CVE-2016-6595 1 Docker 1 Docker 2025-04-12 N/A
The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it's actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can't do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy vulnerability.
CVE-2014-7899 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string.
CVE-2015-0711 1 Cisco 4 Asr 5000, Asr 5500, Asr 5700 and 1 more 2025-04-12 N/A
The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processing outage) via malformed PM packets, aka Bug ID CSCut94711.
CVE-2014-7906 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime.
CVE-2016-6892 1 Matrixssl 1 Matrixssl 2025-04-12 N/A
The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.
CVE-2016-7399 1 Veritas 2 Netbackup Appliance, Netbackup Appliance Firmware 2025-04-12 N/A
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
CVE-2014-7907 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods.
CVE-2014-7908 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data.
CVE-2014-7913 2 Dhcpcd Project, Google 2 Dhcpcd, Android 2025-04-12 N/A
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.
CVE-2014-7922 1 Google 1 Play Services Sdk 2025-04-12 N/A
The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument.
CVE-2015-0179 1 Ibm 1 Domino 2025-04-12 N/A
Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.
CVE-2014-7923 6 Canonical, Google, Icu-project and 3 more 10 Ubuntu Linux, Chrome, International Components For Unicode and 7 more 2025-04-12 N/A
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.
CVE-2014-8534 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 N/A
Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field.
CVE-2014-8523 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2014-7924 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_db_callbacks.cc and content/browser/indexed_db/indexed_db_dispatcher_host.cc.
CVE-2014-7925 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improperly maintained.