Total
22706 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3135 | 1 Oracle | 1 Fusion Middleware | 2017-11-30 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.3 and before, and 27.7.2 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2013-3009 | 1 Ibm | 1 Java | 2017-11-28 | 9.3 HIGH | N/A |
The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to the AccessController doPrivileged block. | |||||
CVE-2013-3011 | 1 Ibm | 1 Java | 2017-11-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3012. | |||||
CVE-2013-3012 | 1 Ibm | 1 Java | 2017-11-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3011. | |||||
CVE-2017-13846 | 1 Apple | 1 Mac Os X | 2017-11-28 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
CVE-2017-13832 | 1 Apple | 1 Mac Os X | 2017-11-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "802.1X" component. It allows attackers to have an unspecified impact by leveraging TLS 1.0 support. | |||||
CVE-2017-13815 | 1 Apple | 1 Mac Os X | 2017-11-27 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "file" product. Versions before 5.31 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
CVE-2017-16521 | 1 Inedo | 1 Buildmaster | 2017-11-27 | 7.5 HIGH | 9.8 CRITICAL |
In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. | |||||
CVE-2017-15535 | 1 Mongodb | 1 Mongodb | 2017-11-22 | 6.4 MEDIUM | 9.1 CRITICAL |
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. | |||||
CVE-2016-4366 | 1 Hp | 1 Systems Insight Manager | 2017-11-17 | 7.5 HIGH | 9.8 CRITICAL |
HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | |||||
CVE-2013-3744 | 1 Oracle | 2 Jdk, Jre | 2017-11-17 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2400. | |||||
CVE-2013-3746 | 1 Oracle | 1 Oracle And Sun Systems Product Suite | 2017-11-17 | 7.2 HIGH | N/A |
Unspecified vulnerability in the Solaris Cluster component in Oracle and Sun Systems Products Suite 3.2, 3.3, and 4 prior to 4.1 SRU 3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Cluster Infrastructure. | |||||
CVE-2013-3754 | 1 Oracle | 1 Oracle And Sun Systems Product Suite | 2017-11-17 | 7.2 HIGH | N/A |
Unspecified vulnerability in the Solaris Cluster component in Oracle and Sun Systems Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to HA for TimesTen. | |||||
CVE-2016-5047 | 1 Netapp | 1 Oncommand System Manager | 2017-11-15 | 4.0 MEDIUM | 6.5 MEDIUM |
NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors. | |||||
CVE-2015-8322 | 1 Netapp | 1 Data Ontap | 2017-11-15 | 6.5 MEDIUM | 8.8 HIGH |
NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
CVE-2014-3511 | 1 Openssl | 1 Openssl | 2017-11-14 | 4.3 MEDIUM | N/A |
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue. | |||||
CVE-2012-1622 | 1 Apache | 1 Ofbiz | 2017-11-14 | 7.5 HIGH | 9.8 CRITICAL |
Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2017-14351 | 1 Hp | 1 Ucmdb Configuration Manager | 2017-11-10 | 7.5 HIGH | 9.8 CRITICAL |
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution. | |||||
CVE-2017-10342 | 1 Oracle | 1 Java Advanced Management Console | 2017-11-09 | 5.0 MEDIUM | 5.3 MEDIUM |
Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java Advanced Management Console. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2015-2575 | 3 Debian, Mysql, Suse | 5 Debian Linux, Mysql, Linux Enterprise Desktop and 2 more | 2017-11-09 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. |