| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads. |
| The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks. |
| The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors related to "heavy memory pressure." |
| WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. |
| The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory corruption) via unspecified character-device ioctl calls. |
| Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request. |
| IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. |
| The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, aka Bug ID CSCuu59324. |
| Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555. |
| validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. |
| MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app. |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. |
| Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0037, CVE-2015-0040, and CVE-2015-0066. |
| Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. |
| IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958 and CVE-2015-1987. |
| Microsoft Internet Explorer 6 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041. |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, and CVE-2015-0041. |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0042 and CVE-2015-0046. |
