Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4347 | 2016-06-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7558. Reason: This candidate is a reservation duplicate of CVE-2015-7558. Notes: All CVE users should reference CVE-2015-7558 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-2299 | 1 Wireshark | 1 Wireshark | 2016-06-02 | 9.3 HIGH | N/A |
| Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data. | |||||
| CVE-2014-2469 | 1 Oracle | 1 Sunos | 2016-06-02 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2014-1471 | 1 Otrs | 1 Otrs | 2016-06-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL. | |||||
| CVE-2014-9023 | 1 Twilio Project | 1 Twilio | 2016-06-02 | 5.5 MEDIUM | N/A |
| The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission. | |||||
| CVE-2014-2656 | 2016-06-01 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that the vulnerability report was not valid. Notes: none. | |||||
| CVE-2015-7876 | 1 Drupal 7 Driver For Sql Server And Sql Azure Project | 1 Drupal 7 Driver For Sql Server And Sql Azure | 2016-06-01 | 7.5 HIGH | N/A |
| The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function. | |||||
| CVE-2009-1046 | 1 Linux | 1 Linux Kernel | 2016-05-31 | 4.7 MEDIUM | N/A |
| The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2011-3129 | 1 Wordpress | 1 Wordpress | 2016-05-31 | 9.3 HIGH | N/A |
| The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames. | |||||
| CVE-2014-1750 | 1 Nokia Maps \& Places Project | 1 Nokia Maps \& Places | 2016-05-27 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as a cross-site scripting (XSS) vulnerability, but this may be inaccurate. | |||||
| CVE-2005-3065 | 1 Multitheftauto | 1 Multitheftauto | 2016-05-27 | 5.0 MEDIUM | N/A |
| MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted command 40 that causes a -1 length to be used and triggers an out-of-bounds read. | |||||
| CVE-2015-1322 | 2 Canonical, Ubuntu | 2 Ubuntu Linux, Network-manager | 2016-05-26 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). | |||||
| CVE-2013-5755 | 1 Yealink | 1 Sip-t38g | 2016-05-26 | 10.0 HIGH | N/A |
| config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-8577 | 1 Mcafee | 1 Virusscan Enterprise | 2016-05-26 | 2.6 LOW | N/A |
| The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | |||||
| CVE-2015-0116 | 1 Ibm | 1 Leads | 2016-05-26 | 3.5 LOW | N/A |
| IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the addition of links, which makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | |||||
| CVE-2014-1939 | 2 Google, Lenovo | 2 Android, Shareit | 2016-05-26 | 7.5 HIGH | N/A |
| java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. | |||||
| CVE-2005-1795 | 1 Clam Anti-virus | 1 Clamav | 2016-05-25 | 7.5 HIGH | N/A |
| The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked. | |||||
| CVE-2011-0794 | 1 Oracle | 1 Fusion Middleware | 2016-05-25 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats. | |||||
| CVE-2001-0780 | 1 Cosmicperl | 1 Directory Pro | 2016-05-25 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a .. (dot dot) in the SHOW parameter. | |||||
| CVE-2013-0485 | 1 Ibm | 1 Java | 2016-05-25 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries. | |||||
| CVE-2014-1610 | 1 Mediawiki | 1 Mediawiki | 2016-05-25 | 6.0 MEDIUM | N/A |
| MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php. | |||||
| CVE-2001-0775 | 2 Xli, Xloadimage | 2 Xli, Xloadimage | 2016-05-20 | 7.5 HIGH | N/A |
| Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field. | |||||
| CVE-2011-3509 | 1 Oracle | 2 Jd Edwards Enterpriseone Tools, Jd Edwards Products | 2016-05-18 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3524. | |||||
| CVE-2015-1498 | 1 Persistent Systems | 1 Radia Client Automation | 2016-05-18 | 10.0 HIGH | N/A |
| Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact. | |||||
| CVE-2013-4473 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2016-05-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. | |||||
| CVE-2014-4506 | 1 Louis Jimenez | 1 Custom Meta | 2016-05-18 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Custom Meta module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer custom meta settings" permission to inject arbitrary web script or HTML via the (1) attribute or (2) content value for a meta tag. | |||||
| CVE-2013-4580 | 1 Gitlab | 1 Gitlab | 2016-05-18 | 6.8 MEDIUM | N/A |
| GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls. | |||||
| CVE-2011-2324 | 1 Oracle | 2 Jd Edwards Enterpriseone Tools, Jd Edwards Products | 2016-05-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote attackers to affect availability, related to Enterprise Infrastructure SEC (JDENET). | |||||
| CVE-2011-3524 | 1 Oracle | 2 Jd Edwards Enterpriseone Tools, Jd Edwards Products | 2016-05-18 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3509. | |||||
| CVE-2014-2417 | 1 Oracle | 1 Fusion Middleware | 2016-05-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2418. | |||||
| CVE-2014-4289 | 1 Oracle | 1 Database Server | 2016-05-18 | 3.6 LOW | N/A |
| Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-6544. | |||||
| CVE-2014-2415 | 1 Oracle | 1 Fusion Middleware | 2016-05-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418. | |||||
| CVE-2014-2416 | 1 Oracle | 1 Fusion Middleware | 2016-05-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2417, and CVE-2014-2418. | |||||
| CVE-2012-0566 | 1 Oracle | 1 Supply Chain Products Suite | 2016-05-18 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote attackers to affect integrity via unknown vectors related to Supplier Portal. | |||||
| CVE-2012-0581 | 1 Oracle | 1 Supply Chain Products Suite | 2016-05-18 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote attackers to affect integrity, related to SCRM - Company Profiles. | |||||
| CVE-2014-2407 | 1 Oracle | 1 Fusion Middleware | 2016-05-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2415, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418. | |||||
| CVE-2014-2418 | 1 Oracle | 1 Fusion Middleware | 2016-05-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2407, CVE-2014-2415, CVE-2014-2416, and CVE-2014-2417. | |||||
| CVE-2011-2325 | 1 Oracle | 2 Jd Edwards Enterpriseone Tools, Jd Edwards Products | 2016-05-18 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2326, CVE-2011-3509, and CVE-2011-3524. | |||||
| CVE-2012-0565 | 1 Oracle | 1 Supply Chain Products Suite | 2016-05-18 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Install. | |||||
| CVE-2013-5826 | 1 Oracle | 1 Supply Chain Products Suite | 2016-05-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3 and 6.3.1 allows remote attackers to affect availability via unknown vectors related to Install / Installation. | |||||
| CVE-2011-2326 | 1 Oracle | 2 Jd Edwards Enterpriseone Tools, Jd Edwards Products | 2016-05-18 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-3509, and CVE-2011-3524. | |||||
| CVE-2014-4290 | 1 Oracle | 1 Database Server | 2016-05-18 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477. | |||||
| CVE-2011-2317 | 1 Oracle | 2 Jd Edwards Enterpriseone Tools, Jd Edwards Products | 2016-05-18 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastucture SEC (JDNET). | |||||
| CVE-2013-5813 | 1 Oracle | 1 Fusion Middleware | 2016-05-18 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Content Server. | |||||
| CVE-2011-2321 | 1 Oracle | 2 Jd Edwards Enterpriseone Tools, Jd Edwards Products | 2016-05-18 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDNET). | |||||
| CVE-2011-3514 | 1 Oracle | 2 Jd Edwards Enterpriseone Tools, Jd Edwards Products | 2016-05-18 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastructure SEC (JDENET). | |||||
| CVE-2016-0719 | 2016-05-18 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0718. Reason: This candidate is a reservation duplicate of CVE-2016-0718. Notes: All CVE users should reference CVE-2016-0718 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-2189 | 2016-05-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4565. Reason: This candidate is a reservation duplicate of CVE-2016-4565. Notes: All CVE users should reference CVE-2016-4565 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-3719 | 2016-05-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2005-3463 | 1 Oracle | 1 Peoplesoft Enterprise | 2016-05-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.03 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE03. | |||||