Total
247020 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9919 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet. | |||||
| CVE-2015-8588 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none | |||||
| CVE-2008-4859 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none | |||||
| CVE-2013-0691 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none | |||||
| CVE-2016-9618 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
| CVE-2015-8994 | 1 Php | 1 Php | 2023-12-10 | 6.8 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode ("opcode" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database. | |||||
| CVE-2016-6177 | 1 Huawei | 2 Oceanstor 5800 V3, Oceanstor 5800 V3 Firmware | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk arrays. | |||||
| CVE-2009-1543 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none | |||||
| CVE-2016-9582 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
| CVE-2017-7377 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-12-10 | 2.1 LOW | 6.0 MEDIUM |
| The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS privileged users to cause a denial of service (file descriptor or memory consumption) via vectors related to an already in-use fid. | |||||
| CVE-2017-2976 | 1 Adobe | 1 Digital Editions | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2012-5682 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none | |||||
| CVE-2017-5344 | 1 Dotcms | 1 Dotcms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment. | |||||
| CVE-2014-7473 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | |||||
| CVE-2015-7494 | 1 Ibm | 2 Cloud Orchestrator, Smartcloud Orchestrator | 2023-12-10 | 1.7 LOW | 2.8 LOW |
| A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain. | |||||
| CVE-2015-6439 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | |||||
| CVE-2016-8601 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in a "generally available" software product. Notes: none | |||||
| CVE-2016-9798 | 1 Bluez | 1 Bluez | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | |||||
| CVE-2016-8412 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31225246. References: QC-CR#1071891. | |||||
| CVE-2017-3495 | 1 Oracle | 1 Flexcube Direct Banking | 2023-12-10 | 4.3 MEDIUM | 4.7 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Pre-Login). Supported versions that are affected are 12.0.2 and 12.0.3. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N). | |||||