Max CVSS 10.0 Min CVSS 1.0 Total Count317
IDCVSSSummaryLast (major) updatePublished
CVE-2018-0456 6.8
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerabili
17-10-2018 - 16:29 17-10-2018 - 16:29
CVE-2018-15378 4.3
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be
15-10-2018 - 13:29 15-10-2018 - 13:29
CVE-2018-1000805 6.5
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
08-10-2018 - 11:29 08-10-2018 - 11:29
CVE-2018-16644 4.3
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
06-09-2018 - 18:29 06-09-2018 - 18:29
CVE-2018-13259 7.5
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
05-09-2018 - 04:29 05-09-2018 - 04:29
CVE-2018-0502 7.5
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.
05-09-2018 - 04:29 05-09-2018 - 04:29
CVE-2018-15501 5.0
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS.
17-08-2018 - 22:29 17-08-2018 - 22:29
CVE-2018-14526 3.3
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abu
08-08-2018 - 15:29 08-08-2018 - 15:29
CVE-2018-14682 6.8
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
28-07-2018 - 19:29 28-07-2018 - 19:29
CVE-2018-14681 6.8
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
28-07-2018 - 19:29 28-07-2018 - 19:29
CVE-2018-14680 4.3
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
28-07-2018 - 19:29 28-07-2018 - 19:29
CVE-2018-2903 4.9
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructur
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-2892 7.2
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon t
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-10888 4.3
A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
10-07-2018 - 10:29 10-07-2018 - 10:29
CVE-2018-10887 5.8
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read befo
10-07-2018 - 10:29 10-07-2018 - 10:29
CVE-2017-7805 5.0
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocat
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-11235 6.8
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that
30-05-2018 - 00:29 30-05-2018 - 00:29
CVE-2018-2718 7.8
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to com
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-1100 7.2
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.
11-04-2018 - 15:29 11-04-2018 - 15:29
CVE-2018-1083 7.2
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to
28-03-2018 - 09:29 28-03-2018 - 09:29
CVE-2018-1171 6.9
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order t
19-03-2018 - 14:29 19-03-2018 - 14:29
CVE-2018-8099 4.3
Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.
13-03-2018 - 20:29 13-03-2018 - 20:29
CVE-2018-7750 7.5
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is co
13-03-2018 - 14:29 13-03-2018 - 14:29
CVE-2018-1071 2.1
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
09-03-2018 - 10:29 09-03-2018 - 10:29
CVE-2018-2717 3.3
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SPARC Platform). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infras
17-01-2018 - 21:29 17-01-2018 - 21:29
CVE-2018-2710 7.8
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via ICMP to comprom
17-01-2018 - 21:29 17-01-2018 - 21:29
CVE-2017-14997 7.1
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.
03-10-2017 - 21:29 03-10-2017 - 21:29
CVE-2017-3632 10.0
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10122 1.2
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructur
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10042 7.8
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IKE). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via IKE to compr
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10036 7.8
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFSv4 to c
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10004 7.2
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10003 4.4
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network Services Library). The supported version that is affected is 10. Difficult to exploit vulnerability allows low privileged attacker with logon to the in
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10794 4.3
When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.
02-07-2017 - 18:29 02-07-2017 - 18:29
CVE-2013-6668 7.5
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
06-01-2017 - 21:59 05-03-2014 - 00:11
CVE-2013-6667 7.5
Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.146 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
06-01-2017 - 21:59 05-03-2014 - 00:11
CVE-2013-6666 5.8
The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a
06-01-2017 - 21:59 05-03-2014 - 00:11
CVE-2013-6665 7.5
Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact
06-01-2017 - 21:59 05-03-2014 - 00:11
CVE-2013-6664 7.5
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly h
06-01-2017 - 21:59 05-03-2014 - 00:11
CVE-2013-6663 7.5
Use-after-free vulnerability in the SVGImage::setContainerSize function in core/svg/graphics/SVGImage.cpp in the SVG implementation in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possi
06-01-2017 - 21:59 05-03-2014 - 00:11
CVE-2011-3389 4.3
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man
06-01-2017 - 21:59 06-09-2011 - 15:55
CVE-2015-2574 2.1
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities.
04-01-2017 - 11:24 16-04-2015 - 13:00
CVE-2015-0471 4.4
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign.
02-01-2017 - 21:59 16-04-2015 - 12:59
CVE-2015-0430 1.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.
02-01-2017 - 21:59 21-01-2015 - 14:59
CVE-2015-0429 3.3
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility.
02-01-2017 - 21:59 21-01-2015 - 14:59
CVE-2013-6627 5.0
net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response.
30-12-2016 - 21:59 13-11-2013 - 10:55
CVE-2015-4869 4.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel.
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-7236 5.0
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.
07-12-2016 - 22:13 01-10-2015 - 16:59
CVE-2013-6635 6.8
Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers remova
07-12-2016 - 22:04 06-12-2013 - 19:55
CVE-2013-6625 6.8
Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of DOM r
07-12-2016 - 22:03 13-11-2013 - 10:55
CVE-2013-2928 7.5
Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
07-12-2016 - 22:03 16-10-2013 - 16:55
CVE-2013-2927 6.8
Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspeci
07-12-2016 - 22:03 16-10-2013 - 16:55
CVE-2013-2926 6.8
Use-after-free vulnerability in the IndentOutdentCommand::tryIndentingAsListItem function in core/editing/IndentOutdentCommand.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows user-assisted remote attackers to cause a denial of ser
07-12-2016 - 22:03 16-10-2013 - 16:55
CVE-2013-2909 7.5
Use-after-free vulnerability in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to inline-block rendering for bidirectional Unicod
07-12-2016 - 22:03 02-10-2013 - 06:35
CVE-2010-1168 7.5
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and
07-12-2016 - 22:01 21-06-2010 - 12:30
CVE-2010-0624 6.8
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arb
07-12-2016 - 22:01 15-03-2010 - 09:28
CVE-2009-3563 6.4
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchang
07-12-2016 - 22:01 09-12-2009 - 13:30
CVE-2009-3490 6.8
GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a leg
07-12-2016 - 22:01 30-09-2009 - 11:30
CVE-2005-2495 5.1
Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.
07-12-2016 - 22:00 15-09-2005 - 16:03
CVE-2004-0930 5.0
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
07-12-2016 - 21:59 27-01-2005 - 00:00
CVE-2016-0535 4.3
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to RPC.
07-12-2016 - 13:31 20-01-2016 - 22:01
CVE-2015-0375 5.0
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network.
07-12-2016 - 12:23 21-01-2015 - 13:59
CVE-2014-6521 7.2
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility.
07-12-2016 - 06:22 21-01-2015 - 09:59
CVE-2014-6575 5.0
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230.
06-12-2016 - 22:01 21-01-2015 - 10:28
CVE-2014-6509 4.9
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.
06-12-2016 - 22:00 21-01-2015 - 09:59
CVE-2014-6481 4.3
Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL.
06-12-2016 - 22:00 21-01-2015 - 09:59
CVE-2014-6480 6.5
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to System management.
06-12-2016 - 22:00 21-01-2015 - 09:59
CVE-2014-4259 9.0
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to System management.
06-12-2016 - 22:00 21-01-2015 - 09:59
CVE-2016-3441 7.2
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem.
02-12-2016 - 22:27 21-04-2016 - 07:00
CVE-2016-3419 2.1
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem.
02-12-2016 - 22:26 21-04-2016 - 07:00
CVE-2016-0693 10.0
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module.
02-12-2016 - 22:17 21-04-2016 - 06:59
CVE-2016-0676 4.0
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel.
02-12-2016 - 22:17 21-04-2016 - 06:59
CVE-2016-5559 4.0
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5544 7.2
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.
28-11-2016 - 15:27 25-10-2016 - 10:30
CVE-2016-5480 1.9
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash.
28-11-2016 - 15:26 25-10-2016 - 10:29
CVE-2016-3453 4.9
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel.
28-11-2016 - 15:09 21-07-2016 - 06:12
CVE-2015-2662 1.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server.
28-11-2016 - 14:21 16-07-2015 - 07:00
CVE-2015-2631 7.2
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat.
28-11-2016 - 14:21 16-07-2015 - 06:59
CVE-2015-2580 1.9
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4.
28-11-2016 - 14:20 16-07-2015 - 06:59
CVE-2014-4215 4.9
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2013-5862.
28-11-2016 - 14:12 17-07-2014 - 01:10
CVE-2010-2252 6.8
GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc f
28-11-2016 - 14:07 06-07-2010 - 13:17
CVE-2014-0447 4.9
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876.
22-11-2016 - 10:52 15-04-2014 - 20:55
CVE-2013-5821 4.6
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC.
17-11-2016 - 15:01 15-01-2014 - 11:11
CVE-2014-0390 4.3
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console.
17-11-2016 - 14:50 15-01-2014 - 11:08
CVE-2013-5872 2.1
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD).
17-11-2016 - 14:49 15-01-2014 - 11:11
CVE-2013-0415 6.0
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.
16-11-2016 - 14:05 16-01-2013 - 20:55
CVE-2013-5864 4.9
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver.
16-11-2016 - 13:53