Total
222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4236 | 2 Hp, Ibm | 2 Hp-ux, Spectrum Protect | 2022-12-02 | 3.6 LOW | 4.4 MEDIUM |
| A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418. | |||||
| CVE-1999-0226 | 1 Microsoft | 1 Windows Nt | 2022-08-17 | 10.0 HIGH | N/A |
| Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. | |||||
| CVE-2016-1548 | 1 Ntp | 1 Ntp | 2021-11-17 | 6.4 MEDIUM | 7.2 HIGH |
| An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched. | |||||
| CVE-2016-0761 | 2 Cloudfoundry, Pivotal Software | 2 Garden Linux, Cloud Foundry Elastic Runtime | 2021-08-25 | 10.0 HIGH | 9.8 CRITICAL |
| Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host. | |||||
| CVE-2015-7979 | 1 Ntp | 1 Ntp | 2021-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. | |||||
| CVE-2014-6053 | 3 Canonical, Debian, Libvncserver | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2020-10-23 | 5.0 MEDIUM | N/A |
| The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. | |||||
| CVE-2016-2510 | 3 Beanshell, Canonical, Debian | 3 Beanshell, Ubuntu Linux, Debian Linux | 2020-10-20 | 6.8 MEDIUM | 8.1 HIGH |
| BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler. | |||||
| CVE-2019-0014 | 1 Juniper | 17 Junos, Ptx1000, Ptx10002 and 14 more | 2020-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a sustained Denial of Service (DoS). This issue affects both IPv4 and IPv6 packet processing. Affected releases are Juniper Networks Junos OS on QFX and PTX Series: 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R1-S3, 18.2R2; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D100. | |||||
| CVE-2014-8826 | 1 Apple | 1 Mac Os X | 2020-07-17 | 5.0 MEDIUM | N/A |
| LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. | |||||
| CVE-2019-0817 | 1 Microsoft | 1 Exchange Server | 2020-04-09 | 5.8 MEDIUM | 5.4 MEDIUM |
| A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858. | |||||
| CVE-2015-8985 | 1 Gnu | 1 Glibc | 2020-03-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. | |||||
| CVE-2016-9149 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string. | |||||
| CVE-2016-5418 | 3 Libarchive, Oracle, Redhat | 10 Libarchive, Linux, Enterprise Linux Desktop and 7 more | 2019-12-27 | 5.0 MEDIUM | 7.5 HIGH |
| The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | |||||
| CVE-2015-2328 | 2 Oracle, Pcre | 2 Linux, Pcre | 2019-12-27 | 7.5 HIGH | N/A |
| PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
| CVE-2019-3554 | 1 Facebook | 1 Wangle | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.00 | |||||
| CVE-2019-0013 | 1 Juniper | 1 Junos | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition. This issue only affects IPv4 PIM. IPv6 PIM is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77; 12.3X48 versions prior to 12.3X48-D77; 15.1 versions prior to 15.1F6-S10, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D150; 15.1X53 versions prior to 15.1X53-D233, 15.1X53-D59; 16.1 versions prior to 16.1R3-S8, 16.1R4-S8, 16.1R7; 16.2 versions prior to 16.2R2-S6; 17.1 versions prior to 17.1R2-S6, 17.1R3; 17.2 versions prior to 17.2R2-S3, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2. | |||||
| CVE-2016-4925 | 1 Juniper | 1 Junose | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional specifically malformed packets may cause follow-on line card resets and lead to an extended service outage. This issue only affects E Series routers with IPv6 licensed and enabled. Routers not configured to process IPv6 traffic are unaffected by this vulnerability. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. | |||||
| CVE-2019-13917 | 2 Debian, Exim | 2 Debian Linux, Exim | 2019-09-07 | 10.0 HIGH | 9.8 CRITICAL |
| Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain). | |||||
| CVE-2019-14794 | 1 Metabox | 1 Meta Box | 2019-08-14 | 5.0 MEDIUM | 7.5 HIGH |
| The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. | |||||
| CVE-2014-3916 | 1 Rubyonrails | 1 Rails | 2019-08-08 | 5.0 MEDIUM | N/A |
| The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string. | |||||