Total: 46 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4828 | 1 Collne | 1 Welcart E-commerce | 2021-09-09 | 6.4 MEDIUM | 6.5 MEDIUM |
| The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account. | |||||
| CVE-2018-6097 | 4 Apple, Debian, Google and 1 more | 6 Macos, Debian Linux, Chrome and 3 more | 2021-09-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page. | |||||
| CVE-2019-5784 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-0817 | 1 Microsoft | 1 Exchange Server | 2020-04-09 | 5.8 MEDIUM | 5.4 MEDIUM |
| A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858. | |||||
| CVE-2015-8985 | 1 Gnu | 1 Glibc | 2020-03-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. | |||||
| CVE-2016-9149 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string. | |||||
| CVE-2019-3554 | 1 Facebook | 1 Wangle | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.00. | |||||
| CVE-2018-6332 | 1 Facebook | 1 Hhvm | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests. | |||||
| CVE-2019-0089 | 1 Intel | 1 Server Platform Services | 2019-06-19 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-11070 | 2 Webkitgtk, Wpewebkit | 2 Webkitgtk, Wpe Webkit | 2019-05-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. | |||||
| CVE-2006-7254 | 1 Gnu | 1 Glibc | 2019-04-11 | 2.1 LOW | 5.5 MEDIUM |
| The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. | |||||
| CVE-2018-6091 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Service Workers being able to intercept any request made by an `<embed>` or `<object>` tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6100 | 4 Apple, Debian, Google and 1 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2019-01-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6133 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2015-7575 | 3 Canonical, Mozilla, Opensuse | 6 Ubuntu Linux, Firefox, Firefox Esr and 3 more | 2018-10-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. | |||||
| CVE-2015-7744 | 2 Opensuse, Wolfssl | 3 Leap, Opensuse, Wolfssl | 2018-10-30 | 2.6 LOW | 5.9 MEDIUM |
| wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. | |||||
| CVE-2016-1947 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2018-10-30 | 4.3 MEDIUM | 4.7 MEDIUM |
| Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. | |||||
| CVE-2016-0077 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | |||||
| CVE-2016-1781 | 1 Apple | 2 Iphone Os, Safari | 2018-10-09 | 4.3 MEDIUM | 4.3 MEDIUM |
| WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors. | |||||
| CVE-2016-1549 | 1 Ntp | 1 Ntp | 2018-03-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. | |||||
| CVE-2015-0203 | 1 Apache | 1 Qpid | 2018-03-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach. | |||||
| CVE-2015-8952 | 1 Linux | 1 Linux Kernel | 2018-03-16 | 2.1 LOW | 5.5 MEDIUM |
| The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba. | |||||
| CVE-2016-9650 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. | |||||
| CVE-2016-7099 | 2 Nodejs, Suse | 2 Node.js, Linux Enterprise | 2018-01-05 | 4.3 MEDIUM | 5.9 MEDIUM |
| The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
| CVE-2016-5225 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page. | |||||
| CVE-2016-5214 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page. | |||||
| CVE-2015-1573 | 1 Linux | 1 Linux Kernel | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability. | |||||
| CVE-2006-5331 | 1 Linux | 1 Linux Kernel | 2017-11-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction. | |||||
| CVE-2016-4707 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-30 | 2.1 LOW | 4.0 MEDIUM |
| CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. | |||||
| CVE-2015-2255 | 1 Huawei | 2 Ar1220, Ar1220 Firmware | 2017-06-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port. | |||||
| CVE-2016-7540 | 1 Imagemagick | 1 Imagemagick | 2017-05-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. | |||||
| CVE-2015-1839 | 2 Fedoraproject, Saltstack | 2 Fedora, Salt | 2017-04-19 | 4.6 MEDIUM | 5.3 MEDIUM |
| modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | |||||
| CVE-2015-1838 | 2 Fedoraproject, Saltstack | 2 Fedora, Salt | 2017-04-19 | 4.6 MEDIUM | 5.3 MEDIUM |
| modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | |||||
| CVE-2009-2197 | 1 Apple | 1 Safari | 2017-03-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog. | |||||
| CVE-2016-1771 | 1 Apple | 1 Safari | 2017-03-24 | 7.1 HIGH | 6.5 MEDIUM |
| The Downloads feature in Apple Safari before 9.1 mishandles file expansion, which allows remote attackers to cause a denial of service via a crafted web site. | |||||
| CVE-2016-3013 | 1 Ibm | 1 Websphere Mq | 2017-03-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661. | |||||
| CVE-2016-8226 | 1 Lenovo | 11 Flex System X240 M5 Bios, Flex System X280 M6 Bios, Flex System X480 X6 Bios and 8 more | 2017-02-01 | 6.8 MEDIUM | 4.9 MEDIUM |
| The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. | |||||
| CVE-2016-6765 | 1 Google | 1 Android | 2017-01-19 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945. | |||||
| CVE-2016-6766 | 1 Google | 1 Android | 2017-01-19 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219. | |||||
| CVE-2016-1730 | 1 Apple | 1 Iphone Os | 2016-12-06 | 5.8 MEDIUM | 5.4 MEDIUM |
| WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal. | |||||
| CVE-2016-2085 | 1 Linux | 1 Linux Kernel | 2016-12-03 | 2.1 LOW | 5.5 MEDIUM |
| The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack. | |||||
| CVE-2016-8660 | 1 Linux | 1 Linux Kernel | 2016-11-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation." | |||||
| CVE-2016-4062 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF. | |||||
| CVE-2013-7440 | 1 Python | 1 Python | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
| CVE-2015-8672 | 1 Huawei | 5 Te30, Te40, Te50 and 2 more | 2016-06-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a wireless presentation. | |||||
| CVE-2016-0808 | 1 Google | 1 Android | 2016-03-14 | 4.9 MEDIUM | 6.2 MEDIUM |
| Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298. | |||||
