Vulnerabilities (CVE)

Total 243251 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-7641 2023-12-10 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none
CVE-2017-0018 1 Microsoft 1 Internet Explorer 2023-12-10 7.6 HIGH 7.5 HIGH
Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149.
CVE-2016-7348 2023-12-10 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none
CVE-2017-3364 1 Oracle 1 Knowledge Management 2023-12-10 5.8 MEDIUM 8.2 HIGH
Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts).
CVE-2016-4045 1 Open-xchange 1 Open-xchange Appsuite 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). The attacker needs to reside within the same context to make this attack work.
CVE-2010-4128 2023-12-10 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none
CVE-2017-7925 1 Dahuasecurity 30 Ddh-hcvr4xxx, Dh-hcvr4xxx Firmware, Dh-hcvr5xxx and 27 more 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.
CVE-2017-6387 1 Radare 1 Radare2 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.
CVE-2017-2452 1 Apple 1 Iphone Os 2023-12-10 2.1 LOW 4.6 MEDIUM
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to read text messages on the lock screen via unspecified vectors.
CVE-2017-2449 1 Apple 1 Mac Os X 2023-12-10 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
CVE-2017-6379 1 Drupal 1 Drupal 2023-12-10 5.1 MEDIUM 7.5 HIGH
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
CVE-2014-8931 2023-12-10 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none
CVE-2016-8632 1 Linux 1 Linux Kernel 2023-12-10 7.2 HIGH 7.8 HIGH
The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.
CVE-2016-9343 1 Rockwellautomation 32 1768 Compact Guardlogix L4xs Controller, 1768 Compact Guardlogix L4xs Controller Firmware, 1768 Compactlogix L4x Controller and 29 more 2023-12-10 7.5 HIGH 10.0 CRITICAL
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service.
CVE-2011-0109 2023-12-10 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none
CVE-2016-6835 3 Debian, Qemu, Redhat 4 Debian Linux, Qemu, Enterprise Linux and 1 more 2023-12-10 2.1 LOW 6.0 MEDIUM
The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (buffer over-read) by leveraging failure to check IP header length.
CVE-2016-9051 1 Aerospike 1 Database Server 2023-12-10 7.5 HIGH 9.8 CRITICAL
An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attacker can simply connect to the port to trigger this vulnerability.
CVE-2017-0486 1 Google 1 Android 2023-12-10 7.1 HIGH 5.5 MEDIUM
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33621215.
CVE-2017-3266 1 Oracle 1 Outside In Technology 2023-12-10 7.5 HIGH 9.8 CRITICAL
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).
CVE-2016-9298 1 Imagemagick 1 Imagemagick 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.