Max CVSS 10.0 Min CVSS 1.7 Total Count94
IDCVSSSummaryLast (major) updatePublished
CVE-2015-3197 4.3
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 tra
09-05-2017 - 21:29 14-02-2016 - 21:59
CVE-2015-7799 4.9
The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted P
23-03-2017 - 21:59 19-10-2015 - 06:59
CVE-2014-9529 7.2
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that
02-01-2017 - 21:59 09-01-2015 - 16:59
CVE-2014-8989 4.6
The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the g
02-01-2017 - 21:59 29-11-2014 - 20:59
CVE-2015-4913 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.
23-12-2016 - 21:59 21-10-2015 - 20:00
CVE-2015-4870 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4861 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4858 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4836 2.8
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
23-12-2016 - 21:59 21-10-2015 - 19:59
CVE-2015-4830 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2015-4826 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2015-4815 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2015-4807 3.5
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2015-4802 4.0
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2015-4792 1.7
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
23-12-2016 - 21:59 21-10-2015 - 17:59
CVE-2016-0605 2.1
Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.
22-12-2016 - 09:22 20-01-2016 - 22:02
CVE-2016-0607 2.8
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.
22-12-2016 - 09:22 20-01-2016 - 22:02
CVE-2015-5157 7.2
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
21-12-2016 - 21:59 31-08-2015 - 06:59
CVE-2015-0254 7.5
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
21-12-2016 - 21:59 09-03-2015 - 10:59
CVE-2015-6937 4.9
The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was
07-12-2016 - 22:13 19-10-2015 - 06:59
CVE-2016-1903 6.4
The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and app
07-12-2016 - 13:33 19-01-2016 - 00:59
CVE-2016-0616 4.0
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
07-12-2016 - 13:32 20-01-2016 - 22:02
CVE-2016-0611 4.0
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
07-12-2016 - 13:32 20-01-2016 - 22:02
CVE-2016-0610 3.5
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
07-12-2016 - 13:32 20-01-2016 - 22:02
CVE-2016-0609 1.7
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors relat
07-12-2016 - 13:32 20-01-2016 - 22:02
CVE-2016-0608 3.5
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UD
07-12-2016 - 13:32 20-01-2016 - 22:02
CVE-2016-0606 3.5
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related
07-12-2016 - 13:31 20-01-2016 - 22:02
CVE-2016-0600 3.5
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors relat
07-12-2016 - 13:31 20-01-2016 - 22:02
CVE-2016-0598 3.5
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DM
07-12-2016 - 13:31 20-01-2016 - 22:02
CVE-2016-0597 4.0
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors relat
07-12-2016 - 13:31 20-01-2016 - 22:02
CVE-2016-0596 4.0
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
07-12-2016 - 13:31 20-01-2016 - 22:02
CVE-2016-0595 4.0
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.
07-12-2016 - 13:31 20-01-2016 - 22:02
CVE-2016-0594 4.3
Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML.
07-12-2016 - 13:31 20-01-2016 - 22:02
CVE-2016-0546 7.2
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unkn
07-12-2016 - 13:31 20-01-2016 - 22:01
CVE-2016-0505 6.8
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors relat
07-12-2016 - 13:31 20-01-2016 - 22:00
CVE-2016-0504 6.8
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.
07-12-2016 - 13:31 20-01-2016 - 22:00
CVE-2016-0503 4.0
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504.
07-12-2016 - 13:31 20-01-2016 - 22:00
CVE-2016-0502 4.0
Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
07-12-2016 - 13:31 20-01-2016 - 22:00
CVE-2015-8569 1.9
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection
07-12-2016 - 13:28 28-12-2015 - 06:59
CVE-2015-8543 6.9
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer
07-12-2016 - 13:28 28-12-2015 - 06:59
CVE-2015-8215 5.0
net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the mi
07-12-2016 - 13:26 16-11-2015 - 16:59
CVE-2015-8104 4.7
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
07-12-2016 - 13:26 16-11-2015 - 06:59
CVE-2015-7990 5.9
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket t
07-12-2016 - 13:25 28-12-2015 - 06:59
CVE-2015-7885 2.1
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
07-12-2016 - 13:25 28-12-2015 - 06:59
CVE-2015-7803 6.8
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry i
07-12-2016 - 13:25 11-12-2015 - 07:00
CVE-2015-7744 2.6
wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote att
07-12-2016 - 13:25 22-01-2016 - 10:59
CVE-2015-5307 4.9
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
07-12-2016 - 13:16 16-11-2015 - 06:59
CVE-2015-5291 6.8
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a lon
07-12-2016 - 13:16 02-11-2015 - 14:59
CVE-2015-0272 5.0
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
06-12-2016 - 22:01 17-11-2015 - 10:59
CVE-2016-2213 4.3
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.
05-12-2016 - 22:08 03-02-2016 - 09:59
CVE-2016-1938 6.4
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protecti
05-12-2016 - 22:07 31-01-2016 - 13:59
CVE-2016-1935 9.3
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
05-12-2016 - 22:07 31-01-2016 - 13:59
CVE-2016-1930 10.0
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod
05-12-2016 - 22:07 31-01-2016 - 13:59
CVE-2016-0755 5.0
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
05-12-2016 - 22:05 29-01-2016 - 15:59
CVE-2016-0753 5.0
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted para
05-12-2016 - 22:05 15-02-2016 - 21:59
CVE-2016-0752 5.0
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unre
05-12-2016 - 22:05 15-02-2016 - 21:59
CVE-2016-0751 5.0
actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows
05-12-2016 - 22:05 15-02-2016 - 21:59
CVE-2016-0747 5.0
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
05-12-2016 - 22:05 15-02-2016 - 14:59
CVE-2016-0746 7.5
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response relate
05-12-2016 - 22:05 15-02-2016 - 14:59
CVE-2016-0742 5.0
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.
05-12-2016 - 22:05 15-02-2016 - 14:59
CVE-2016-0728 7.2
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and us
05-12-2016 - 22:05 07-02-2016 - 22:59
CVE-2016-0723 5.6
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGE
05-12-2016 - 22:05 07-02-2016 - 22:59
CVE-2015-8785 4.9
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
05-12-2016 - 22:04 07-02-2016 - 22:59
CVE-2015-8783 4.3
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.
05-12-2016 - 22:04 01-02-2016 - 16:59
CVE-2015-8782 4.3
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.
05-12-2016 - 22:04 01-02-2016 - 16:59
CVE-2015-8781 4.3
tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.
05-12-2016 - 22:04 01-02-2016 - 16:59
CVE-2015-8767 4.9
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
05-12-2016 - 22:04 07-02-2016 - 22:59
CVE-2015-8575 2.1
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted
05-12-2016 - 22:04 07-02-2016 - 22:59
CVE-2015-8036 6.8
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the se
05-12-2016 - 22:03 02-11-2015 - 14:59
CVE-2015-7581 5.0
actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by leveraging an app
05-12-2016 - 22:03 15-02-2016 - 21:59
CVE-2015-7580 4.3
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
05-12-2016 - 22:03 15-02-2016 - 21:59
CVE-2015-7579 4.3
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer clas
05-12-2016 - 22:03 15-02-2016 - 21:59
CVE-2015-7578 4.3
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.
05-12-2016 - 22:03 15-02-2016 - 21:59
CVE-2015-7577 5.0
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy o
05-12-2016 - 22:03 15-02-2016 - 21:59
CVE-2015-7576 4.3
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4
05-12-2016 - 22:03 15-02-2016 - 21:59
CVE-2015-7566 4.9
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by ins
05-12-2016 - 22:03 07-02-2016 - 22:59
CVE-2015-7550 4.9
The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified
05-12-2016 - 22:03 07-02-2016 - 22:59
CVE-2016-2069 4.4
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
02-12-2016 - 22:24 27-04-2016 - 13:59
CVE-2015-8784 4.3
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.
02-12-2016 - 22:14 13-04-2016 - 13:59
CVE-2015-8683 4.3
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.
02-12-2016 - 22:13 13-04-2016 - 13:59
CVE-2015-8665 4.3
tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.
02-12-2016 - 22:13 13-04-2016 - 13:59
CVE-2015-8552 1.7
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption)
02-12-2016 - 22:13 13-04-2016 - 11:59
CVE-2015-8551 4.7
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash)
02-12-2016 - 22:13 13-04-2016 - 11:59
CVE-2015-8550 5.7
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
02-12-2016 - 22:13 14-04-2016 - 10:59
CVE-2016-2041 5.0
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restri
28-11-2016 - 15:02 19-02-2016 - 20:59
CVE-2016-2040 3.5
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) s
28-11-2016 - 15:02 19-02-2016 - 20:59
CVE-2016-2039 5.0
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
28-11-2016 - 15:02 19-02-2016 - 20:59
CVE-2016-1927 5.0
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a bru
28-11-2016 - 15:02 19-02-2016 - 20:59
CVE-2014-9761 7.5
Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2)
28-11-2016 - 14:14 19-04-2016 - 17:59
CVE-2016-2043 3.5
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the
17-08-2016 - 15:37 19-02-2016 - 20:59
CVE-2016-2042 5.0
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path
17-08-2016 - 15:36 19-02-2016 - 20:59
CVE-2016-2038 5.0
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
17-08-2016 - 14:56 19-02-2016 - 20:59
CVE-2015-5969 2.1
The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Lin
14-04-2016 - 09:48 08-04-2016 - 11:59
CVE-2015-8765 7.5
Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Co
13-01-2016 - 14:21 08-01-2016 - 15:59
Back to Top Mark selected
Back to Top