Max CVSS 10.0 Min CVSS 1.9 Total Count94
IDCVSSSummaryLast (major) updatePublished
CVE-2018-12397 3.6
A WebExtension can request access to local files without the warning prompt stating that the extension will "Access your data for all websites" being displayed to the user. This allows extensions to run content scripts in local pages without permissi
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12396 4.3
A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulner
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12395 5.0
By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Fir
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12393 5.0
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bou
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12392 7.5
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12390 7.5
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to r
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-12389 6.8
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary co
28-02-2019 - 13:29 28-02-2019 - 13:29
CVE-2018-8628 9.3
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProP
11-12-2018 - 19:29 11-12-2018 - 19:29
CVE-2018-19970 4.3
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.
11-12-2018 - 12:29 11-12-2018 - 12:29
CVE-2018-19969 6.8
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines,
11-12-2018 - 12:29 11-12-2018 - 12:29
CVE-2018-19968 4.0
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created
11-12-2018 - 12:29 11-12-2018 - 12:29
CVE-2018-18710 2.1
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds c
29-10-2018 - 08:29 29-10-2018 - 08:29
CVE-2018-15688 7.5
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
29-10-2018 - 08:29 26-10-2018 - 10:29
CVE-2018-18690 4.9
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_
26-10-2018 - 14:29 26-10-2018 - 14:29
CVE-2018-15687 1.9
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
26-10-2018 - 10:29 26-10-2018 - 10:29
CVE-2018-15686 10.0
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affec
26-10-2018 - 10:29 26-10-2018 - 10:29
CVE-2018-12379 4.6
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system wit
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12378 7.5
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62,
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12377 7.5
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12376 7.5
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Fire
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-3214 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulner
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3210 5.0
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3183 6.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerabil
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3180 6.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit v
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3169 5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthentica
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3152 5.0
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access v
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3149 5.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit v
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3139 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows un
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3136 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unau
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-2911 6.8
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-17294 4.3
The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with c
21-09-2018 - 03:29 21-09-2018 - 03:29
CVE-2018-17144 5.0
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can ma
19-09-2018 - 05:29 19-09-2018 - 04:29
CVE-2018-17098 6.8
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch.
16-09-2018 - 17:29 16-09-2018 - 17:29
CVE-2018-17097 6.8
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch.
16-09-2018 - 17:29 16-09-2018 - 17:29
CVE-2018-17096 4.3
The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.
16-09-2018 - 17:29 16-09-2018 - 17:29
CVE-2018-16658 3.6
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds
07-09-2018 - 10:29 07-09-2018 - 10:29
CVE-2018-14627 4.3
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <trans
04-09-2018 - 08:29 04-09-2018 - 08:29
CVE-2018-16427 2.1
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
03-09-2018 - 20:29 03-09-2018 - 20:29
CVE-2018-16426 2.1
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using program
03-09-2018 - 20:29 03-09-2018 - 20:29
CVE-2018-16423 4.6
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly hav
03-09-2018 - 20:29 03-09-2018 - 20:29
CVE-2018-16422 4.6
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (
03-09-2018 - 20:29 03-09-2018 - 20:29
CVE-2018-16420 4.6
Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (applicat
03-09-2018 - 20:29 03-09-2018 - 20:29
CVE-2018-16419 4.6
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application c
03-09-2018 - 20:29 03-09-2018 - 20:29
CVE-2018-16418 4.6
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspeci
03-09-2018 - 20:29 03-09-2018 - 20:29
CVE-2018-16393 4.6
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service
03-09-2018 - 10:29 03-09-2018 - 10:29
CVE-2018-16392 4.6
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) o
03-09-2018 - 10:29 03-09-2018 - 10:29
CVE-2018-16391 4.6
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application cra
03-09-2018 - 10:29 03-09-2018 - 10:29
CVE-2018-10902 4.6
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmi
21-08-2018 - 15:29 21-08-2018 - 15:29
CVE-2018-1715 3.5
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu
16-08-2018 - 09:29 16-08-2018 - 09:29
CVE-2018-1129 3.3
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Cep
10-07-2018 - 10:29 10-07-2018 - 10:29
CVE-2018-1128 5.4
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authen
10-07-2018 - 10:29 10-07-2018 - 10:29
CVE-2018-10861 5.5
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be a
10-07-2018 - 10:29 10-07-2018 - 10:29
CVE-2018-13785 4.3
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
09-07-2018 - 09:29 09-07-2018 - 09:29
CVE-2018-13094 4.3
An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.
03-07-2018 - 06:29 03-07-2018 - 06:29
CVE-2018-1000204 6.3
** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fix
26-06-2018 - 10:29 26-06-2018 - 10:29
CVE-2018-10940 4.9
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
09-05-2018 - 13:29 09-05-2018 - 13:29
CVE-2018-7566 4.6
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
30-03-2018 - 17:29 30-03-2018 - 17:29
CVE-2018-7755 2.1
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioc
08-03-2018 - 02:29 08-03-2018 - 02:29
CVE-2018-1049 4.3
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will h
16-02-2018 - 16:29 16-02-2018 - 16:29
CVE-2018-6954 7.2
systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and la
13-02-2018 - 15:29 13-02-2018 - 15:29
CVE-2017-17806 7.2
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HAS
20-12-2017 - 18:29 20-12-2017 - 18:29
CVE-2017-17805 7.2
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service
20-12-2017 - 18:29 20-12-2017 - 18:29
CVE-2017-16541 4.3
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: T
04-11-2017 - 14:29 04-11-2017 - 14:29
CVE-2017-15671 4.3
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (mem
20-10-2017 - 13:29 20-10-2017 - 13:29
CVE-2017-10400 5.8
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attac
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10393 6.8
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10391 7.5
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10385 6.8
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network
19-10-2017 - 13:29 19-10-2017 - 13:29
CVE-2017-10243 6.4
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulne
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10198 4.3
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit v
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10193 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthen
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10135 4.3
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulner
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10116 5.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit v
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10115 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerab
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10111 6.8
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10110 6.8
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10109 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitabl
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10108 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitabl
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10107 6.8
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10102 6.8
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticat
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10101 6.8
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticate
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10096 6.8
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticate
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10090 6.8
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10089 6.8
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multi
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10087 6.8
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthent
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10081 4.3
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthentic
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10078 5.5
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols t
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10074 5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthent
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10067 5.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mu
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2017-10053 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerabi
08-08-2017 - 11:29 08-08-2017 - 11:29
CVE-2014-9728 4.9
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c
21-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2016-3092 7.8
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (
28-11-2016 - 15:06 04-07-2016 - 18:59
CVE-2016-3713 5.6
The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial
27-06-2016 - 13:57 27-06-2016 - 06:59
CVE-2014-7970 4.9
The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in bo
16-06-2016 - 09:34 13-10-2014 - 06:55
Back to Top Mark selected
Back to Top