Max CVSS 10.0 Min CVSS 2.1 Total Count25
IDCVSSSummaryLast (major) updatePublished
CVE-2016-0778 4.6
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows r
16-02-2017 - 21:59 14-01-2016 - 17:59
CVE-2016-0777 4.0
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading
16-02-2017 - 21:59 14-01-2016 - 17:59
CVE-2015-5330 5.0
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending craft
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-5299 5.0
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote att
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-5296 4.3
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-s
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-5252 5.0
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points o
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2015-3223 5.0
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a deni
30-12-2016 - 21:59 29-12-2015 - 17:59
CVE-2014-7810 5.0
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attacker
30-12-2016 - 21:59 07-06-2015 - 19:59
CVE-2015-1345 2.1
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
23-12-2016 - 21:59 12-02-2015 - 11:59
CVE-2016-1903 6.4
The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and app
07-12-2016 - 13:33 19-01-2016 - 00:59
CVE-2016-1898 4.3
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary lin
07-12-2016 - 13:33 14-01-2016 - 22:59
CVE-2016-1897 4.3
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of
07-12-2016 - 13:33 14-01-2016 - 22:59
CVE-2015-8605 5.7
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
07-12-2016 - 13:28 14-01-2016 - 17:59
CVE-2015-7575 4.3
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it e
07-12-2016 - 13:24 08-01-2016 - 21:59
CVE-2015-5292 6.8
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a larg
07-12-2016 - 13:16 29-10-2015 - 12:59
CVE-2015-8770 6.0
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execu
05-12-2016 - 22:04 29-01-2016 - 14:59
CVE-2015-6360 7.8
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
02-12-2016 - 22:11 21-04-2016 - 06:59
CVE-2015-2704 5.0
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.
02-12-2016 - 22:05 18-05-2015 - 11:59
CVE-2015-2304 6.4
Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive.
29-11-2016 - 22:01 15-03-2015 - 15:59
CVE-2015-7551 4.6
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers
28-11-2016 - 14:43 23-03-2016 - 21:59
CVE-2013-0211 5.0
Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecifie
28-11-2016 - 14:08 30-09-2013 - 18:55
CVE-2016-1232 5.0
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.
09-06-2016 - 07:39 12-01-2016 - 15:59
CVE-2015-8618 5.0
The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.
26-05-2016 - 09:49 27-01-2016 - 15:59
CVE-2015-7519 4.3
agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by
13-01-2016 - 13:54 08-01-2016 - 14:59
CVE-2012-4504 10.0
Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.
04-06-2013 - 23:38 11-11-2012 - 08:00
Back to Top Mark selected
Back to Top