Total
1925 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0504 | 4 Canonical, Opensuse, Oracle and 1 more | 5 Ubuntu Linux, Leap, Opensuse and 2 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. | |||||
| CVE-2015-0411 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2025-04-12 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. | |||||
| CVE-2014-9278 | 2 Openbsd, Redhat | 3 Openssh, Enterprise Linux, Fedora | 2025-04-12 | 4.0 MEDIUM | N/A |
| The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. | |||||
| CVE-2016-0668 | 5 Debian, Mariadb, Opensuse and 2 more | 5 Debian Linux, Mariadb, Leap and 2 more | 2025-04-12 | 1.7 LOW | 4.1 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB. | |||||
| CVE-2015-5229 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors. | |||||
| CVE-2015-4913 | 4 Novell, Opensuse, Oracle and 1 more | 16 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit and 13 more | 2025-04-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. | |||||
| CVE-2016-2150 | 5 Debian, Microsoft, Opensuse and 2 more | 12 Debian Linux, Windows, Leap and 9 more | 2025-04-12 | 3.6 LOW | 7.1 HIGH |
| SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. | |||||
| CVE-2014-3615 | 5 Canonical, Debian, Opensuse and 2 more | 13 Ubuntu Linux, Debian Linux, Opensuse and 10 more | 2025-04-12 | 2.1 LOW | N/A |
| The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. | |||||
| CVE-2016-3452 | 4 Ibm, Mariadb, Oracle and 1 more | 5 Powerkvm, Mariadb, Linux and 2 more | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. | |||||
| CVE-2015-1779 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2025-04-12 | 7.8 HIGH | 8.6 HIGH |
| The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. | |||||
| CVE-2016-0610 | 6 Canonical, Debian, Mariadb and 3 more | 7 Ubuntu Linux, Debian Linux, Mariadb and 4 more | 2025-04-12 | 3.5 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | |||||
| CVE-2014-8080 | 4 Canonical, Opensuse, Redhat and 1 more | 4 Ubuntu Linux, Opensuse, Enterprise Linux and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. | |||||
| CVE-2016-0641 | 6 Debian, Ibm, Mariadb and 3 more | 7 Debian Linux, Powerkvm, Mariadb and 4 more | 2025-04-12 | 4.9 MEDIUM | 5.1 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM. | |||||
| CVE-2016-0665 | 3 Canonical, Oracle, Redhat | 3 Ubuntu Linux, Mysql, Enterprise Linux | 2025-04-12 | 3.5 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption. | |||||
| CVE-2016-2183 | 6 Cisco, Nodejs, Openssl and 3 more | 9 Content Security Management Appliance, Node.js, Openssl and 6 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | |||||
| CVE-2016-0639 | 2 Oracle, Redhat | 2 Mysql, Enterprise Linux | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. | |||||
| CVE-2014-3566 | 11 Apple, Debian, Fedoraproject and 8 more | 20 Mac Os X, Debian Linux, Fedora and 17 more | 2025-04-12 | 4.3 MEDIUM | 3.4 LOW |
| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | |||||
| CVE-2016-6325 | 2 Apache, Redhat | 11 Tomcat, Enterprise Linux, Enterprise Linux Desktop and 8 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. | |||||
| CVE-2015-4022 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2025-04-12 | 7.5 HIGH | N/A |
| Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. | |||||
| CVE-2015-4598 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-12 | 7.5 HIGH | 6.5 MEDIUM |
| PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\0.html attack that bypasses an intended configuration in which client users may write to only .html files. | |||||