Total
60767 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4176 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory. | |||||
CVE-2016-0731 | 1 Apache | 1 Ambari | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | |||||
CVE-2016-6319 | 1 Theforeman | 1 Foreman | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter. | |||||
CVE-2016-0651 | 2 Opensuse, Oracle | 2 Leap, Mysql | 2024-02-04 | 3.5 LOW | 5.5 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. | |||||
CVE-2016-0648 | 6 Debian, Ibm, Mariadb and 3 more | 7 Debian Linux, Powerkvm, Mariadb and 4 more | 2024-02-04 | 4.0 MEDIUM | 5.5 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS. | |||||
CVE-2015-8722 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. | |||||
CVE-2016-2142 | 1 Redhat | 1 Openshift | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on the /etc/origin/master/master-config.yaml configuration file, which allows local users to obtain Active Directory credentials by reading the file. | |||||
CVE-2015-5471 | 1 Swim Team Project | 1 Swim Team | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. | |||||
CVE-2016-0672 | 1 Oracle | 1 Flexcube Direct Banking | 2024-02-04 | 5.0 MEDIUM | 6.1 MEDIUM |
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to Pre-Login. | |||||
CVE-2016-6504 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet. | |||||
CVE-2015-8558 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. | |||||
CVE-2016-9118 | 1 Uclouvain | 1 Openjpeg | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. | |||||
CVE-2016-2012 | 1 Hp | 1 Network Node Manager I | 2024-02-04 | 7.5 HIGH | 6.5 MEDIUM |
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors. | |||||
CVE-2016-4081 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
CVE-2015-7791 | 1 Collne | 1 Welcart | 2024-02-04 | 6.5 MEDIUM | 6.3 MEDIUM |
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter. | |||||
CVE-2016-5463 | 1 Oracle | 1 Siebel Ui Framework | 2024-02-04 | 3.5 LOW | 4.1 MEDIUM |
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-5464. | |||||
CVE-2016-2023 | 1 Hp | 1 Restful Interface Tool | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2015-8767 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-04 | 4.9 MEDIUM | 6.2 MEDIUM |
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. | |||||
CVE-2016-6359 | 1 Cisco | 1 Transport Gateway Installation Software | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817. | |||||
CVE-2015-8736 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file. |