Vulnerabilities (CVE)

Total 243248 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-6470 1 Resource Data Management Data Manager 1 Data Manager 2023-12-10 5.5 MEDIUM N/A
Resource Data Management Data Manager before 2.2 allows remote authenticated users to modify arbitrary passwords via unspecified vectors.
CVE-2015-2602 1 Oracle 1 Fusion Middleware 2023-12-10 7.5 HIGH N/A
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.
CVE-2016-0742 6 Apple, Canonical, Debian and 3 more 6 Xcode, Ubuntu Linux, Debian Linux and 3 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
CVE-2015-8662 1 Ffmpeg 1 Ffmpeg 2023-12-10 7.5 HIGH 7.3 HIGH
The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.
CVE-2015-4143 2 Opensuse, W1.fi 3 Opensuse, Hostapd, Wpa Supplicant 2023-12-10 5.0 MEDIUM N/A
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
CVE-2016-0666 6 Debian, Ibm, Mariadb and 3 more 7 Debian Linux, Powerkvm, Mariadb and 4 more 2023-12-10 3.5 LOW 5.5 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
CVE-2016-3258 1 Microsoft 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more 2023-12-10 1.2 LOW 4.7 MEDIUM
Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka "Windows File System Security Feature Bypass."
CVE-2015-5432 1 Hp 2 Matrix Operating Environment, Virtual Connect Enterprise Manager Sdk 2023-12-10 7.5 HIGH N/A
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
CVE-2015-6469 1 Ibc Solar 2 Danfoss Tlx Pro\+, Servemaster Tlp\+ 2023-12-10 5.0 MEDIUM N/A
The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors.
CVE-2014-6451 1 Juniper 2 Junos, Vsrx 2023-12-10 7.8 HIGH N/A
J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors.
CVE-2015-8748 1 Radicale 1 Radicale 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".
CVE-2016-6392 1 Cisco 2 Ios, Ios Xe 2023-12-10 7.8 HIGH 7.5 HIGH
Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow remote attackers to cause a denial of service (device restart) via a crafted IPv4 Multicast Source Discovery Protocol (MSDP) Source-Active (SA) message, aka Bug ID CSCud36767.
CVE-2015-5213 4 Apache, Canonical, Debian and 1 more 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more 2023-12-10 6.8 MEDIUM N/A
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.
CVE-2015-4245 2023-12-10 N/A N/A
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none
CVE-2016-5588 1 Oracle 1 Outside In Technology 2023-12-10 7.5 HIGH 8.6 HIGH
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, and CVE-2016-5579.
CVE-2015-8635 5 Adobe, Apple, Google and 2 more 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more 2023-12-10 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
CVE-2016-8293 1 Oracle 1 Peoplesoft Enterprise Peopletools 2023-12-10 5.8 MEDIUM 8.2 HIGH
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-5530.
CVE-2015-6095 1 Microsoft 7 Windows 10, Windows 7, Windows 8 and 4 more 2023-12-10 4.9 MEDIUM N/A
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles password changes, which allows physically proximate attackers to bypass authentication, and conduct decryption attacks against certain BitLocker configurations, by connecting to an unintended Key Distribution Center (KDC), aka "Windows Kerberos Security Feature Bypass."
CVE-2016-0993 6 Adobe, Apple, Google and 3 more 15 Air, Air Desktop Runtime, Air Sdk and 12 more 2023-12-10 9.3 HIGH 8.8 HIGH
Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010.
CVE-2015-2906 1 Mobile Devices 1 C4 Obd-ii Dongle Firmware 2023-12-10 9.0 HIGH N/A
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation.