Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3262 | 1 Cisco | 2 Ios, Ios Xe | 2016-09-07 | 4.3 MEDIUM | N/A |
| The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) via malformed messages, aka Bug ID CSCun73782. | |||||
| CVE-2014-3188 | 2 Google, Redhat | 6 Chrome, Chrome Os, Enterprise Linux Desktop Supplementary and 3 more | 2016-09-07 | 10.0 HIGH | N/A |
| Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. | |||||
| CVE-2009-1174 | 1 Ibm | 1 Websphere Application Server | 2016-09-07 | 10.0 HIGH | N/A |
| The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors. | |||||
| CVE-2014-8601 | 2 Debian, Powerdns | 2 Debian Linux, Recursor | 2016-09-06 | 5.0 MEDIUM | N/A |
| PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it. | |||||
| CVE-2014-7286 | 2 Microsoft, Symantec | 3 Windows Server 2003, Windows Xp, Deployment Solution | 2016-09-06 | 7.2 HIGH | N/A |
| Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2014-9223 | 1 Allegrosoft | 1 Rompager | 2016-09-06 | 10.0 HIGH | N/A |
| Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization. | |||||
| CVE-2014-4301 | 1 Ajenti | 1 Ajenti | 2016-09-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page. | |||||
| CVE-2014-3290 | 1 Cisco | 1 Ios Xe | 2016-09-06 | 4.8 MEDIUM | N/A |
| The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867. | |||||
| CVE-2014-4303 | 1 Drupac | 1 Touch | 2016-09-06 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web script or HTML via vectors related to the (1) Twitter and (2) Facebook username settings. | |||||
| CVE-2014-3214 | 1 Isc | 1 Bind | 2016-09-06 | 5.0 MEDIUM | N/A |
| The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes. | |||||
| CVE-2014-4304 | 1 Sqlbuddy | 1 Sql Buddy | 2016-09-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter. | |||||
| CVE-2012-2313 | 3 Linux, Novell, Redhat | 8 Linux Kernel, Suse Linux Enterprise Server, Enterprise Linux and 5 more | 2016-09-06 | 1.2 LOW | N/A |
| The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. | |||||
| CVE-2014-3922 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2016-09-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss. | |||||
| CVE-2014-2779 | 1 Microsoft | 1 Malware Protection Engine | 2016-09-02 | 4.3 MEDIUM | N/A |
| mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file. | |||||
| CVE-2012-6684 | 2 Debian, Redcloth | 2 Debian Linux, Redcloth Library | 2016-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. | |||||
| CVE-2014-8923 | 1 Ibm | 2 Security Identity Manager Active Directory Adapter, Tivoli Identity Manager Active Directory Adapter | 2016-08-31 | 1.9 LOW | N/A |
| The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log file, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2014-7300 | 2 Gnome, Redhat | 5 Gnome-shell, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2016-08-31 | 7.2 HIGH | N/A |
| GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer. | |||||
| CVE-2006-2191 | 1 Gnu | 1 Mailman | 2016-08-31 | 7.5 HIGH | N/A |
| ** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable." | |||||
| CVE-2016-6895 | 2016-08-31 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5333. Reason: This candidate is a reservation duplicate of CVE-2016-5333. Notes: All CVE users should reference CVE-2016-5333 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-0462 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-08-30 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Multichannel Framework, a different vulnerability than CVE-2015-2650. | |||||
| CVE-2014-1829 | 4 Canonical, Debian, Mageia and 1 more | 4 Ubuntu Linux, Debian Linux, Mageia and 1 more | 2016-08-30 | 5.0 MEDIUM | N/A |
| Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request. | |||||
| CVE-2014-7204 | 3 Canonical, Debian, Mageia | 4 Ubuntu Linux, Debian Linux, Exuberant Ctags and 1 more | 2016-08-30 | 5.0 MEDIUM | N/A |
| jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file. | |||||
| CVE-2016-6339 | 2016-08-29 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4993. Reason: This candidate is a reservation duplicate of CVE-2016-4993. Notes: All CVE users should reference CVE-2016-4993 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2013-6892 | 2 Debian, Websvn | 2 Debian Linux, Websvn | 2016-08-26 | 3.5 LOW | N/A |
| WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit. | |||||
| CVE-2014-9206 | 1 Schneider-electric | 1 Device Type Manager | 2016-08-26 | 6.9 MEDIUM | N/A |
| Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file. | |||||
| CVE-2013-4589 | 3 Fedoraproject, Graphicsmagick, Novell | 5 Fedora, Graphicsmagick, Suse Linux Enterprise Debuginfo and 2 more | 2016-08-26 | 4.3 MEDIUM | N/A |
| The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image. | |||||
| CVE-2014-0189 | 2 Redhat, Virt-who Project | 4 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation and 1 more | 2016-08-26 | 2.1 LOW | N/A |
| virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file. | |||||
| CVE-2015-1594 | 1 Siemens | 5 Simatic Cfc, Simatic Prosave, Simatic Step 7 and 2 more | 2016-08-24 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file. | |||||
| CVE-2015-0528 | 1 Emc | 1 Isilon Onefs | 2016-08-24 | 7.2 HIGH | N/A |
| The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files. | |||||
| CVE-2015-0523 | 1 Emc | 2 Rsa Certificate Manager, Rsa Registration Manager | 2016-08-24 | 7.8 HIGH | N/A |
| EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header. | |||||
| CVE-2014-7145 | 3 Canonical, Linux, Redhat | 6 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 3 more | 2016-08-24 | 7.8 HIGH | N/A |
| The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals. | |||||
| CVE-2014-0159 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2016-08-24 | 5.0 MEDIUM | N/A |
| Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument. | |||||
| CVE-2013-4135 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2016-08-24 | 4.3 MEDIUM | N/A |
| The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-4134 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2016-08-24 | 4.3 MEDIUM | N/A |
| OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. | |||||
| CVE-2015-0529 | 1 Emc | 1 Powerpath Virtual Appliance | 2016-08-23 | 5.0 MEDIUM | N/A |
| EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session. | |||||
| CVE-2014-9472 | 3 Bestpractical, Debian, Fedoraproject | 3 Request Tracker, Debian Linux, Fedora | 2016-08-23 | 7.1 HIGH | N/A |
| The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email. | |||||
| CVE-2015-1051 | 2 Context Project, Fedoraproject | 2 Context, Fedora | 2016-08-23 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | |||||
| CVE-2013-5987 | 2 Apple, Nvidia | 2 Mac Os X, Gpu Driver | 2016-08-23 | 7.2 HIGH | N/A |
| Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors. | |||||
| CVE-2014-3994 | 1 Reviewboard | 2 Djblets, Reviewboard | 2016-08-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name. | |||||
| CVE-2014-3688 | 1 Linux | 1 Linux Kernel | 2016-08-23 | 5.0 MEDIUM | N/A |
| The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. | |||||
| CVE-2014-6410 | 1 Linux | 1 Linux Kernel | 2016-08-23 | 4.7 MEDIUM | N/A |
| The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode. | |||||
| CVE-2012-6657 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Server | 2016-08-23 | 4.9 MEDIUM | N/A |
| The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket. | |||||
| CVE-2012-1088 | 1 Iproute2 Project | 1 Iproute2 | 2016-08-23 | 3.3 LOW | N/A |
| iproute2 before 3.3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file used by (1) configure or (2) examples/dhcp-client-script. | |||||
| CVE-2012-1583 | 1 Linux | 1 Linux Kernel | 2016-08-23 | 5.0 MEDIUM | N/A |
| Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets. | |||||
| CVE-2012-2372 | 1 Linux | 1 Linux Kernel | 2016-08-23 | 4.4 MEDIUM | N/A |
| The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping. | |||||
| CVE-2012-2373 | 1 Linux | 1 Linux Kernel | 2016-08-23 | 4.0 MEDIUM | N/A |
| The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition. | |||||
| CVE-2012-2375 | 1 Linux | 1 Linux Kernel | 2016-08-23 | 4.6 MEDIUM | N/A |
| The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words in an FATTR4_ACL reply. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-4131. | |||||
| CVE-2012-2383 | 1 Linux | 1 Linux Kernel | 2016-08-23 | 4.9 MEDIUM | N/A |
| Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted ioctl call. | |||||
| CVE-2012-2384 | 1 Linux | 1 Linux Kernel | 2016-08-23 | 4.9 MEDIUM | N/A |
| Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted ioctl call. | |||||
| CVE-2011-4108 | 1 Openssl | 1 Openssl | 2016-08-23 | 4.3 MEDIUM | N/A |
| The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. | |||||