Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2738 | 1 Nalin Dahyabhai | 1 Vte | 2016-10-25 | 4.0 MEDIUM | N/A |
The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value. | |||||
CVE-2015-0973 | 3 Apple, Libpng, Oracle | 3 Mac Os X, Libpng, Solaris | 2016-10-20 | 7.5 HIGH | N/A |
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495. | |||||
CVE-2014-3959 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2016-10-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1, PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
CVE-2013-2032 | 3 Fedoraproject, Gentoo, Mediawiki | 3 Fedora, Linux, Mediawiki | 2016-10-18 | 5.0 MEDIUM | N/A |
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks. | |||||
CVE-2016-0924 | | | 2016-10-17 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-2761. Reason: This candidate is subsumed by CVE-2004-2761. Notes: All CVE users should reference CVE-2004-2761 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2014-9495 | 2 Apple, Libpng | 2 Mac Os X, Libpng | 2016-10-17 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. | |||||
CVE-2014-3634 | 2 Rsyslog, Sysklogd Project | 2 Rsyslog, Sysklogd | 2016-10-17 | 7.5 HIGH | N/A |
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access. | |||||
CVE-2014-3668 | 1 Php | 1 Php | 2016-10-17 | 5.0 MEDIUM | N/A |
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. | |||||
CVE-2014-3670 | 1 Php | 1 Php | 2016-10-17 | 6.8 MEDIUM | N/A |
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function. | |||||
CVE-2014-3683 | 2 Rsyslog, Sysklogd Project | 2 Rsyslog, Sysklogd | 2016-10-17 | 5.0 MEDIUM | N/A |
Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634. | |||||
CVE-2007-1365 | 1 Openbsd | 1 Openbsd | 2016-10-17 | 10.0 HIGH | N/A |
Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service. | |||||
CVE-2013-4262 | 1 Apache | 1 Subversion | 2016-10-17 | 2.4 LOW | N/A |
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393. | |||||
CVE-2013-7393 | 1 Apache | 1 Subversion | 2016-10-17 | 2.4 LOW | N/A |
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3). | |||||
CVE-2013-7439 | 3 Canonical, Debian, X.org | 4 Ubuntu Linux, Debian Linux, Libx11 and 1 more | 2016-10-17 | 7.5 HIGH | N/A |
Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow. | |||||
CVE-2006-6175 | 1 Horde | 1 Kronolith | 2016-10-17 | 7.5 HIGH | N/A |
Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter. | |||||
CVE-2006-6909 | 1 Karl Dahlke | 1 Edbrowse | 2016-10-17 | 10.0 HIGH | N/A |
Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names. | |||||
CVE-2006-4921 | 1 Siteatschool | 1 Siteatschool | 2016-10-17 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-5298 | 1 Mutt | 1 Mutt | 2016-10-17 | 1.2 LOW | N/A |
The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls. | |||||
CVE-2006-3190 | 1 Hotplug Cms | 1 Hotplug Cms | 2016-10-17 | 7.5 HIGH | N/A |
SQL injection vulnerability in administration/includes/login/auth.php in HotPlug CMS 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters. | |||||
CVE-2006-3963 | 1 Banex | 1 Banex | 2016-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem, or (7) deleteuser parameters to (b) admin.php. |