Total
246720 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3688 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none | |||||
CVE-2016-7785 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. | |||||
CVE-2009-3680 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none | |||||
CVE-2016-8779 | 1 Huawei | 1 Fusionaccess | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database. | |||||
CVE-2014-8731 | 1 Phpmemcachedadmin Project | 1 Phpmemcachedadmin | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot. | |||||
CVE-2016-7712 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
CVE-2017-5902 | 1 Payquicker | 1 Mypayquicker | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-3262 | 1 Oracle | 2 Jdk, Jre | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 5.3 (Confidentiality impacts). | |||||
CVE-2016-6129 | 2 Libtom, Op-tee | 2 Libtomcrypt, Op-tee Os | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack. | |||||
CVE-2017-3428 | 1 Oracle | 1 One-to-one Fulfillment | 2023-12-10 | 5.8 MEDIUM | 8.2 HIGH |
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). | |||||
CVE-2008-4850 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none | |||||
CVE-2017-3064 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-7585 | 1 Libsndfile Project | 1 Libsndfile | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file. | |||||
CVE-2016-7426 | 4 Canonical, Hpe, Ntp and 1 more | 9 Ubuntu Linux, Hpux-ntp, Ntp and 6 more | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | |||||
CVE-2017-5938 | 4 Debian, Opensuse, Opensuse Project and 1 more | 4 Debian Linux, Leap, Leap and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. | |||||
CVE-2008-0705 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none | |||||
CVE-2009-3138 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none | |||||
CVE-2016-7615 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows local users to cause a denial of service via unspecified vectors. | |||||
CVE-2016-3038 | 1 Ibm | 1 Cognos Business Intelligence | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614. | |||||
CVE-2016-10225 | 1 Allwinner | 4 A83t, H3, H8 and 1 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug. |