Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1548 | 1 Acme | 1 Mini Httpd | 2016-12-21 | 5.0 MEDIUM | N/A |
| mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read. | |||||
| CVE-2015-1802 | 3 Canonical, Debian, X | 3 Ubuntu Linux, Debian Linux, Libxfont | 2016-12-21 | 8.5 HIGH | N/A |
| The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. | |||||
| CVE-2015-1885 | 1 Ibm | 1 Websphere Application Server | 2016-12-21 | 9.3 HIGH | N/A |
| WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2015-1927 | 1 Ibm | 1 Websphere Application Server | 2016-12-21 | 6.8 MEDIUM | N/A |
| The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged access via unspecified vectors. | |||||
| CVE-2015-1943 | 1 Ibm | 1 Websphere Portal | 2016-12-21 | 7.8 HIGH | N/A |
| IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request. | |||||
| CVE-2015-2013 | 1 Ibm | 1 Websphere Mq | 2016-12-21 | 5.0 MEDIUM | N/A |
| IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call. | |||||
| CVE-2015-2602 | 1 Oracle | 1 Fusion Middleware | 2016-12-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745. | |||||
| CVE-2015-2603 | 1 Oracle | 1 Fusion Middleware | 2016-12-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745. | |||||
| CVE-2015-2604 | 1 Oracle | 1 Fusion Middleware | 2016-12-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745. | |||||
| CVE-2015-2605 | 1 Oracle | 1 Fusion Middleware | 2016-12-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2606, and CVE-2015-4745. | |||||
| CVE-2015-2606 | 1 Oracle | 1 Fusion Middleware | 2016-12-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, and CVE-2015-4745. | |||||
| CVE-2015-2807 | 1 Documentcloud | 1 Navis Documentcloud | 2016-12-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. | |||||
| CVE-2015-2967 | 1 Cacti | 1 Cacti | 2016-12-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3291 | 1 Linux | 1 Linux Kernel | 2016-12-21 | 2.1 LOW | N/A |
| arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI. | |||||
| CVE-2015-3308 | 2 Canonical, Gnu | 2 Ubuntu Linux, Gnutls | 2016-12-21 | 7.5 HIGH | N/A |
| Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point. | |||||
| CVE-2015-3801 | 1 Apple | 2 Iphone Os, Safari | 2016-12-21 | 5.0 MEDIUM | N/A |
| The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. | |||||
| CVE-2015-3964 | 1 Sma Solar Technology Ag | 1 Webbox Firmware | 2016-12-21 | 10.0 HIGH | N/A |
| SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-4036 | 1 Linux | 1 Linux Kernel | 2016-12-21 | 7.2 HIGH | N/A |
| Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced. | |||||
| CVE-2015-4167 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2016-12-21 | 4.7 MEDIUM | N/A |
| The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem. | |||||
| CVE-2015-4472 | 1 Libmspack Project | 1 Libmspack | 2016-12-21 | 6.8 MEDIUM | N/A |
| Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file. | |||||