Total
12767 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4494 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app. | ||||
| CVE-2015-4505 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-12 | N/A |
| updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service. | ||||
| CVE-2015-4329 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | N/A |
| The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID CSCuv11796. | ||||
| CVE-2015-4327 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | N/A |
| The CLI in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to obtain root privileges by writing script arguments to an unspecified file, aka Bug ID CSCuv12542. | ||||
| CVE-2015-4315 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | N/A |
| The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853. | ||||
| CVE-2015-4286 | 1 Cisco | 1 Unified Computing System Central Software | 2025-04-12 | N/A |
| The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. | ||||
| CVE-2015-4278 | 1 Cisco | 1 Email Security Appliance Firmware | 2025-04-12 | N/A |
| Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID CSCuv14806. | ||||
| CVE-2015-4276 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | N/A |
| Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138. | ||||
| CVE-2015-4273 | 1 Cisco | 1 Asr 5000 Series Software | 2025-04-12 | N/A |
| The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 15.0(912), 15.0(935), and 15.0(938) allows remote attackers to cause a denial of service (Session Manager outage) via malformed fields in an IP packet, aka Bug ID CSCut38476. | ||||
| CVE-2014-4828 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request. | ||||
| CVE-2014-4833 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input. | ||||
| CVE-2014-4840 | 1 Ibm | 1 Tririga Application Platform | 2025-04-12 | N/A |
| IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL. | ||||
| CVE-2015-4266 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | N/A |
| The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556. | ||||
| CVE-2014-4870 | 1 Brocade | 2 Vyatta 5400 Vrouter, Vyatta 5400 Vrouter Software | 2025-04-12 | N/A |
| /opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration. | ||||
| CVE-2015-4197 | 1 Cisco | 3 Nexus 7000, Nexus 7700, Nx-os | 2025-04-12 | N/A |
| Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to cause a denial of service (device crash) by sending a malformed LLDP packet on the local network, aka Bug ID CSCud89415. | ||||
| CVE-2014-4973 | 1 Eset | 2 Endpoint Security, Smart Security | 2025-04-12 | N/A |
| The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call. | ||||
| CVE-2015-4146 | 2 Opensuse, W1.fi | 3 Opensuse, Hostapd, Wpa Supplicant | 2025-04-12 | N/A |
| The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows remote attackers to cause a denial of service (crash) via a crafted message. | ||||
| CVE-2016-4579 | 3 Canonical, Gnupg, Opensuse | 3 Ubuntu Linux, Libksba, Leap | 2025-04-12 | N/A |
| Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." | ||||
| CVE-2015-4143 | 2 Opensuse, W1.fi | 3 Opensuse, Hostapd, Wpa Supplicant | 2025-04-12 | N/A |
| The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload. | ||||
| CVE-2015-4111 | 1 Blackberry | 1 Blackberry Link | 2025-04-12 | N/A |
| mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file. | ||||