Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4732 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590. | |||||
| CVE-2015-4731 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | |||||
| CVE-2015-4729 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment. | |||||
| CVE-2015-2664 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2015-2638 | 1 Oracle | 3 Javafx, Jdk, Jre | 2022-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | |||||
| CVE-2015-2637 | 1 Oracle | 3 Javafx, Jdk, Jre | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | |||||
| CVE-2015-2632 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | |||||
| CVE-2015-2628 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. | |||||
| CVE-2015-2627 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 2.6 LOW | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation. | |||||
| CVE-2015-2625 | 1 Oracle | 3 Jdk, Jre, Jrockit | 2022-05-13 | 2.6 LOW | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. | |||||
| CVE-2015-2621 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX. | |||||
| CVE-2015-2619 | 1 Oracle | 3 Javafx, Jdk, Jre | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | |||||
| CVE-2015-2613 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. | |||||
| CVE-2015-2601 | 1 Oracle | 3 Jdk, Jre, Jrockit | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. | |||||
| CVE-2015-2597 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install. | |||||
| CVE-2015-2596 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u80 allows remote attackers to affect integrity via unknown vectors related to Hotspot. | |||||
| CVE-2015-2590 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732. | |||||
| CVE-2014-6532 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. | |||||
| CVE-2014-6515 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. | |||||
| CVE-2014-6511 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | |||||
| CVE-2014-6503 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532. | |||||
| CVE-2014-6493 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532. | |||||
| CVE-2014-6492 | 2 Mozilla, Oracle | 3 Firefox, Jdk, Jre | 2022-05-13 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2014-6466 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2014-6458 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2014-4288 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532. | |||||
| CVE-2013-2461 | 2 Oracle, Sun | 5 Jdk, Jre, Jrockit and 2 more | 2022-05-13 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm." | |||||
| CVE-2014-3620 | 2 Apple, Haxx | 3 Mac Os X, Curl, Libcurl | 2022-05-11 | 5.0 MEDIUM | N/A |
| cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | |||||
| CVE-2014-0464 | 1 Oracle | 2 Jdk, Jre | 2022-05-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463. | |||||
| CVE-2014-0463 | 1 Oracle | 2 Jdk, Jre | 2022-05-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464. | |||||
| CVE-2014-2410 | 1 Oracle | 2 Jdk, Jre | 2022-05-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | |||||
| CVE-2021-32500 | 2022-05-02 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2013-3900 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2022-05-02 | 7.6 HIGH | N/A |
| The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability." | |||||
| CVE-2015-0541 | 1 Rsa | 1 Web Threat Detection | 2022-05-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2013-4341 | 1 Moodle | 1 Moodle | 2022-05-01 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed. | |||||
| CVE-2012-6342 | 1 Atlassian | 1 Confluence Server | 2022-05-01 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in logout.action in Atlassian Confluence 3.4.6 allows remote attackers to hijack the authentication of administrators for requests that logout the user via a comment. | |||||
| CVE-2021-36628 | 2022-04-25 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-40680. Reason: This candidate is a reservation duplicate of CVE-2021-40680. Notes: All CVE users should reference CVE-2021-40680 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2022-0777 | 2022-03-01 | N/A | N/A | ||
| Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. | |||||
| CVE-2022-0776 | 2022-03-01 | N/A | N/A | ||
| Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.js prior to 4.3.0. | |||||
| CVE-2021-35036 | 2022-03-01 | N/A | N/A | ||
| A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | |||||
| CVE-2021-43619 | 2022-03-01 | N/A | N/A | ||
| Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations. | |||||
| CVE-2022-25022 | 2022-03-01 | N/A | N/A | ||
| A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post. | |||||
| CVE-2022-25020 | 2022-03-01 | N/A | N/A | ||
| A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post. | |||||
| CVE-2022-25018 | 2022-03-01 | N/A | N/A | ||
| Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. | |||||
| CVE-2022-22262 | 2022-03-01 | N/A | N/A | ||
| ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file path, to delete arbitrary system files and disrupt system service. | |||||
| CVE-2021-44962 | 2022-03-01 | N/A | N/A | ||
| An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-44961 | 2022-03-01 | N/A | N/A | ||
| A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A Specially crafAn out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.ted stl files can exhaust available memory. | |||||
| CVE-2021-42951 | 2022-03-01 | N/A | N/A | ||
| A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 10 2021 of SaaS. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new, specially crafted Algorithm and subsequently launch remote code execution with their desired result. | |||||
| CVE-2020-12775 | 2022-03-01 | N/A | N/A | ||
| Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service. | |||||
| CVE-2022-25096 | 2022-03-01 | N/A | N/A | ||
| Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php. | |||||