Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1961 | 1 Protector System | 1 Protector System | 2016-12-19 | 7.5 HIGH | N/A |
| blocker.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection protection and execute limited SQL commands via URL-encoded "'" characters ("%27"). | |||||
| CVE-2003-1032 | 1 Pi3 | 1 Pi3web | 2016-12-19 | 5.0 MEDIUM | N/A |
| Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow. | |||||
| CVE-2005-2023 | 1 Suse | 1 Suse Linux | 2016-12-19 | 10.0 HIGH | N/A |
| The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail. | |||||
| CVE-2014-8608 | 1 K7computing | 1 K7av Sentry Device Driver | 2016-12-15 | 4.9 MEDIUM | N/A |
| The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer dereference) as demonstrated by a filename containing "crashme$$". | |||||
| CVE-2014-4159 | 1 Sap | 1 Supplier Relationship Management | 2016-12-15 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
| CVE-2016-5852 | 1 Nvidia | 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more | 2016-12-14 | 7.2 HIGH | 7.8 HIGH |
| For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path. | |||||
| CVE-2016-3161 | 1 Nvidia | 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more | 2016-12-14 | 7.2 HIGH | 7.8 HIGH |
| For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path. | |||||
| CVE-2015-6845 | 1 Emc | 1 Sourceone Email Supervisor | 2016-12-08 | 7.5 HIGH | N/A |
| EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. | |||||
| CVE-2014-3660 | 5 Apple, Canonical, Debian and 2 more | 5 Mac Os X, Ubuntu Linux, Debian Linux and 2 more | 2016-12-07 | 5.0 MEDIUM | N/A |
| parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. | |||||
| CVE-2005-2797 | 1 Openbsd | 1 Openssh | 2016-12-07 | 5.0 MEDIUM | N/A |
| OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. | |||||
| CVE-2006-0512 | 1 Padl Software | 1 Migrationtools | 2016-12-07 | 2.1 LOW | N/A |
| PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh. | |||||
| CVE-2003-0596 | 1 Fdclone | 1 Fdclone | 2016-12-07 | 3.6 LOW | N/A |
| FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time. | |||||
| CVE-2002-1562 | 1 Acme Labs | 1 Thttpd | 2016-12-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header. | |||||
| CVE-2003-0499 | 1 Mantis | 1 Mantis | 2016-12-07 | 3.6 LOW | N/A |
| Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations. | |||||
| CVE-2001-1395 | 1 Linux | 1 Linux Kernel | 2016-12-07 | 3.6 LOW | N/A |
| Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact. | |||||
| CVE-2001-1400 | 1 Linux | 1 Linux Kernel | 2016-12-07 | 2.1 LOW | N/A |
| Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock). | |||||
| CVE-2001-1398 | 1 Linux | 1 Linux Kernel | 2016-12-07 | 7.5 HIGH | N/A |
| Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability. | |||||
| CVE-2001-1399 | 1 Linux | 1 Linux Kernel | 2016-12-07 | 2.1 LOW | N/A |
| Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86." | |||||
| CVE-2002-0871 | 1 Xinetd | 1 Xinetd | 2016-12-07 | 2.1 LOW | N/A |
| xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe. | |||||
| CVE-2001-1396 | 1 Linux | 1 Linux Kernel | 2016-12-07 | 3.6 LOW | N/A |
| Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact. | |||||
