Total: 86024 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4410 | 1 Andy Armstrong | 2 Cgi-simple, Cgi.pm | 2016-12-08 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172. | |||||
| CVE-2010-5301 | 1 Senkas | 1 Kolibri | 2016-12-08 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request. | |||||
| CVE-2011-1574 | 1 Konstanty Bialkowski | 1 Libmodplug | 2016-12-08 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file. | |||||
| CVE-2005-2797 | 1 Openbsd | 1 Openssh | 2016-12-08 | 5.0 MEDIUM | N/A |
| OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. | |||||
| CVE-2006-0512 | 1 Padl Software | 1 Migrationtools | 2016-12-08 | 2.1 LOW | N/A |
| PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh. | |||||
| CVE-2006-5084 | 1 Skype Technologies | 1 Skype | 2016-12-08 | 7.5 HIGH | N/A |
| Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference. | |||||
| CVE-2001-1390 | 1 Linux | 1 Linux Kernel | 2016-12-08 | 6.2 MEDIUM | N/A |
| Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages. | |||||
| CVE-2001-1392 | 1 Linux | 1 Linux Kernel | 2016-12-08 | 2.1 LOW | N/A |
| The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers. | |||||
| CVE-2001-1393 | 1 Linux | 1 Linux Kernel | 2016-12-08 | 2.1 LOW | N/A |
| Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang). | |||||
| CVE-2001-1394 | 1 Linux | 1 Linux Kernel | 2016-12-08 | 2.1 LOW | N/A |
| Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service. | |||||
| CVE-2001-1395 | 1 Linux | 1 Linux Kernel | 2016-12-08 | 3.6 LOW | N/A |
| Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact. | |||||
| CVE-2001-1396 | 1 Linux | 1 Linux Kernel | 2016-12-08 | 3.6 LOW | N/A |
| Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact. | |||||
| CVE-2001-1397 | 1 Linux | 1 Linux Kernel | 2016-12-08 | 2.1 LOW | N/A |
| The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory. | |||||
| CVE-2001-1398 | 1 Linux | 1 Linux Kernel | 2016-12-08 | 7.5 HIGH | N/A |
| Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability. | |||||
| CVE-2001-1399 | 1 Linux | 1 Linux Kernel | 2016-12-08 | 2.1 LOW | N/A |
| Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86." | |||||
| CVE-2001-1400 | 1 Linux | 1 Linux Kernel | 2016-12-08 | 2.1 LOW | N/A |
| Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock). | |||||
| CVE-2002-0660 | 1 Greg Roelofs | 2 Libpng, Libpng3 | 2016-12-08 | 7.5 HIGH | N/A |
| Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728. | |||||
| CVE-2002-0847 | 1 Tinyproxy | 1 Tinyproxy | 2016-12-08 | 7.5 HIGH | N/A |
| tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free). | |||||
| CVE-2002-0871 | 1 Xinetd | 1 Xinetd | 2016-12-08 | 2.1 LOW | N/A |
| xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe. | |||||
| CVE-2002-1562 | 1 Acme Labs | 1 Thttpd | 2016-12-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header. | |||||
| CVE-2003-0499 | 1 Mantis | 1 Mantis | 2016-12-08 | 3.6 LOW | N/A |
| Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations. | |||||
| CVE-2003-0596 | 1 Fdclone | 1 Fdclone | 2016-12-08 | 3.6 LOW | N/A |
| FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time. | |||||
| CVE-2004-1013 | 6 Carnegie Mellon University, Conectiva, Openpkg and 3 more | 6 Cyrus Imap Server, Linux, Openpkg and 3 more | 2016-12-08 | 10.0 HIGH | N/A |
| The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption. | |||||
| CVE-2013-2175 | 4 Canonical, Debian, Haproxy and 1 more | 4 Ubuntu Linux, Debian Linux, Haproxy and 1 more | 2016-12-07 | 5.0 MEDIUM | N/A |
| HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. | |||||
| CVE-2016-0440 | 1 Oracle | 1 Solaris | 2016-12-07 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to NFSv4. | |||||
| CVE-2016-0461 | 1 Oracle | 1 Database Server | 2016-12-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect availability via unknown vectors. | |||||
| CVE-2014-6524 | 1 Sun | 1 Sunos | 2016-12-07 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. | |||||
| CVE-2016-0452 | 1 Oracle | 1 Goldengate | 2016-12-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0451. | |||||
| CVE-2016-0458 | 1 Oracle | 1 Solaris | 2016-12-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Kernel DAX. | |||||
| CVE-2013-4777 | 2 Google, Motorola | 2 Android, Defy Xt | 2016-12-07 | 6.9 MEDIUM | N/A |
| A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. | |||||
| CVE-2012-0867 | 4 Debian, Opensuse Project, Postgresql and 1 more | 11 Debian Linux, Opensuse, Postgresql and 8 more | 2016-12-07 | 4.3 MEDIUM | N/A |
| PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. | |||||
| CVE-2016-0493 | 1 Oracle | 1 Solaris | 2016-12-07 | 3.3 LOW | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Kernel Cryptography. | |||||
| CVE-2016-0497 | 1 Oracle | 1 Agile Engineering Data Management | 2016-12-07 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Web Client. | |||||
| CVE-2016-0498 | 1 Oracle | 1 Agile Engineering Data Management | 2016-12-07 | 1.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows local users to affect confidentiality via unknown vectors related to Install. | |||||
| CVE-2016-0499 | 1 Oracle | 1 Database Server | 2016-12-07 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4794. | |||||
| CVE-2016-0455 | 1 Oracle | 1 Enterprise Manager Grid Control | 2016-12-07 | 5.2 MEDIUM | N/A |
| Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality and availability via unknown vectors related to Agent Next Gen. | |||||
| CVE-2016-0465 | 1 Oracle | 1 Oracle And Sun Systems Product Suite | 2016-12-07 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4 allows local users to affect availability via unknown vectors related to Resource Group Manager. | |||||
| CVE-2016-0467 | 1 Oracle | 1 Database Server | 2016-12-07 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors. | |||||
| CVE-2016-0472 | 1 Oracle | 1 Database Server | 2016-12-07 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality and availability via unknown vectors. | |||||
| CVE-2016-0476 | 1 Oracle | 1 Enterprise Manager Grid Control | 2016-12-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0477 and CVE-2016-0478. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the reportName parameter. | |||||
| CVE-2016-0477 | 1 Oracle | 1 Application Testing Suite | 2016-12-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and CVE-2016-0478. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the (1) repository, (2) workspace, or (3) scenario parameter. | |||||
| CVE-2016-0478 | 1 Oracle | 1 Application Testing Suite | 2016-12-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and CVE-2016-0477. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the scriptName parameter. | |||||
| CVE-2016-0480 | 1 Oracle | 1 Application Testing Suite | 2016-12-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0481, CVE-2016-0482, CVE-2016-0485, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the TMAPReportImage parameter. | |||||
| CVE-2016-0481 | 1 Oracle | 1 Enterprise Manager Grid Control | 2016-12-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0482, CVE-2016-0485, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the scheduleReportName parameter. | |||||
| CVE-2016-0482 | 1 Oracle | 1 Application Testing Suite | 2016-12-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0485, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. | |||||
| CVE-2016-0484 | 1 Oracle | 1 Application Testing Suite | 2016-12-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the scriptPath parameter. | |||||
| CVE-2016-0535 | 1 Oracle | 1 Solaris | 2016-12-07 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to RPC. | |||||
| CVE-2016-0540 | 1 Oracle | 1 Configurator | 2016-12-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0541. | |||||
| CVE-2016-0541 | 1 Oracle | 1 Configurator | 2016-12-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0540. | |||||
| CVE-2016-0599 | 1 Oracle | 1 Mysql | 2016-12-07 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||||
