Max CVSS 9.0 Min CVSS 1.9 Total Count23
IDCVSSSummaryLast (major) updatePublished
CVE-2015-3197 4.3
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 tra
09-05-2017 - 21:29 14-02-2016 - 21:59
CVE-2015-2752 4.9
The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the devi
10-01-2017 - 21:59 01-04-2015 - 10:59
CVE-2015-2756 4.9
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O
02-01-2017 - 21:59 01-04-2015 - 10:59
CVE-2015-4106 7.2
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly ha
30-12-2016 - 21:59 03-06-2015 - 16:59
CVE-2015-4105 4.9
Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.
30-12-2016 - 21:59 03-06-2015 - 16:59
CVE-2015-4104 7.8
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
30-12-2016 - 21:59 03-06-2015 - 16:59
CVE-2015-4103 4.9
Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and acces
30-12-2016 - 21:59 03-06-2015 - 16:59
CVE-2015-5288 6.4
The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via
23-12-2016 - 21:59 26-10-2015 - 10:59
CVE-2015-8377 6.5
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a
07-12-2016 - 13:27 15-12-2015 - 16:59
CVE-2015-8369 7.5
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
07-12-2016 - 13:27 17-12-2015 - 14:59
CVE-2016-1567 6.8
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
05-12-2016 - 22:07 26-01-2016 - 14:59
CVE-2016-1526 5.8
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive inform
05-12-2016 - 22:07 12-02-2016 - 21:59
CVE-2016-1523 4.3
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (mis
05-12-2016 - 22:06 12-02-2016 - 21:59
CVE-2016-0773 5.0
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a
05-12-2016 - 22:05 17-02-2016 - 10:59
CVE-2016-0766 9.0
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privilege
05-12-2016 - 22:05 17-02-2016 - 10:59
CVE-2015-6005 3.5
Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names
05-12-2016 - 22:03 26-12-2015 - 22:59
CVE-2015-6004 6.5
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device
05-12-2016 - 22:03 26-12-2015 - 22:59
CVE-2015-8604 6.5
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.
02-12-2016 - 22:13 11-04-2016 - 17:59
CVE-2015-7511 1.9
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
30-11-2016 - 22:01 19-04-2016 - 17:59
CVE-2016-2313 6.5
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.
28-11-2016 - 15:03 13-04-2016 - 13:59
CVE-2015-8807 4.3
Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers
18-05-2016 - 17:29 13-04-2016 - 12:59
CVE-2016-2228 4.3
Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield
20-04-2016 - 12:58 13-04-2016 - 12:59
CVE-2015-8261 7.5
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.
08-01-2016 - 14:06 07-01-2016 - 21:59
Back to Top Mark selected
Back to Top