threat
engine
.sh
Back
·
··:··
Home
/
Product
/
oracle solaris
Product
oracle solaris
500 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-34281
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.
6.5
MEDIUM
CVE-2026-21942
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystems). Supported versions that are affected are
5.0
MEDIUM
CVE-2026-21935
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Driver). The supported version that is affected is 11.
5.8
MEDIUM
CVE-2026-21928
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.
5.3
MEDIUM
CVE-2026-21927
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Driver). The supported version that is affected is 11.
5.8
MEDIUM
CVE-2025-53070
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is
5.5
MEDIUM
CVE-2025-53068
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.
6.5
MEDIUM
CVE-2025-30700
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). The supported versio
3.5
LOW
CVE-2025-30690
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is
7.2
HIGH
CVE-2025-21551
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: File system). The supported version that is affected i
6.0
MEDIUM
CVE-2024-21151
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is
3.3
LOW
CVE-2024-21105
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11
2.0
LOW
CVE-2024-21059
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11
7.8
HIGH
CVE-2024-20999
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Zones). The supported version that is affected is 11.
8.2
HIGH
CVE-2024-20946
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.
5.5
MEDIUM
CVE-2024-20920
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is
3.8
LOW
CVE-2023-22129
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.
5.5
MEDIUM
CVE-2023-22128
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 1
3.1
LOW
CVE-2023-22023
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that i
7.8
HIGH
CVE-2023-22003
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 a
3.3
LOW
CVE-2023-21985
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 a
7.7
HIGH
CVE-2023-21984
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Libraries). The supported version that is affected is
6.5
MEDIUM
CVE-2023-21948
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Core). The supported version that is affected is 10. E
7.8
HIGH
CVE-2023-21928
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: IPS repository daemon). The supported version that is
1.8
LOW
CVE-2023-21896
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10
7.0
HIGH
CVE-2023-21900
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10
4.0
MEDIUM
CVE-2019-9579
all versions
An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker t
8.1
HIGH
CVE-2021-43395
all versions
An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana
5.5
MEDIUM
CVE-2022-39417
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 1
5.5
MEDIUM
CVE-2022-39401
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. E
5.5
MEDIUM
CVE-2022-21610
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDoms). The supported version that is affected is 11. Di
3.3
LOW
CVE-2022-21533
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMB Server). The supported version that is affected is 1
5.5
MEDIUM
CVE-2022-21524
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 1
7.6
HIGH
CVE-2022-21514
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version tha
7.5
HIGH
CVE-2022-21439
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and
4.2
MEDIUM
CVE-2022-21494
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. D
4.0
MEDIUM
CVE-2022-21493
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. E
5.9
MEDIUM
CVE-2022-21463
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. E
5.5
MEDIUM
CVE-2022-21461
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. E
5.5
MEDIUM
CVE-2022-21446
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11.
8.2
HIGH
CVE-2022-21416
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11.
5.0
MEDIUM
CVE-2022-21375
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. E
5.5
MEDIUM
CVE-2022-21298
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Install). The supported version that is affected is 11.
3.9
LOW
CVE-2022-21271
all versions
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported
5.3
MEDIUM
CVE-2022-21263
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Fault Management Architecture). The supported version th
4.8
MEDIUM
CVE-2021-35589
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device drivers). The supported version that is affected
6.0
MEDIUM
CVE-2021-35549
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11.
3.9
LOW
CVE-2021-35539
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 1
6.5
MEDIUM
CVE-2021-2381
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. E
3.9
LOW
CVE-2021-2192
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. E
6.1
MEDIUM
CVE-2021-2167
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that
7.8
HIGH
CVE-2020-14871
>= 10 and < 11.1
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions tha
10.0
CRITICAL
CVE-2020-14818
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11.
3.0
LOW
CVE-2020-14759
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. D
2.5
LOW
CVE-2020-14758
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. E
5.6
MEDIUM
CVE-2020-14754
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 1
5.5
MEDIUM
CVE-2020-14724
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is af
7.3
HIGH
CVE-2020-14545
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is af
5.0
MEDIUM
CVE-2020-14542
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11.
3.3
LOW
CVE-2020-14537
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Packaging Scripts). The supported version that is affect
5.5
MEDIUM
CVE-2020-12243
all versions
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of servic
7.5
HIGH
CVE-2020-2944
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are
8.8
HIGH
CVE-2020-2927
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are
7.8
HIGH
CVE-2020-2851
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are
7.8
HIGH
CVE-2020-2771
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Whodo). Supported versions that are affected are 10 and
2.5
LOW
CVE-2020-2749
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF command svcbundle). The supported version that is af
2.5
LOW
CVE-2020-10108
all versions
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers,
9.8
CRITICAL
CVE-2020-7044
all versions
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >=
7.5
HIGH
CVE-2020-2696
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that
8.8
HIGH
CVE-2020-2680
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 1
6.0
MEDIUM
CVE-2020-2664
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 1
4.6
MEDIUM
CVE-2020-2656
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected a
4.4
MEDIUM
CVE-2020-2647
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and
5.0
MEDIUM
CVE-2020-2605
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 1
7.1
HIGH
CVE-2020-2578
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. E
5.8
MEDIUM
CVE-2020-2565
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version tha
7.5
HIGH
CVE-2020-2558
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. E
5.8
MEDIUM
CVE-2019-19553
all versions
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/pac
7.5
HIGH
CVE-2018-12207
all versions
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an aut
6.5
MEDIUM
CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1
MEDIUM
CVE-2019-3010
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is
8.8
HIGH
CVE-2019-3008
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The supported version that is affected is
1.8
LOW
CVE-2019-2961
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF services & legacy daemons). The supported version th
3.6
LOW
CVE-2019-2765
all versions
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10
5.3
MEDIUM
CVE-2019-16168
all versions
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validati
6.5
MEDIUM
CVE-2019-16056
all versions
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email modul
7.5
HIGH
CVE-2019-13565
all versions
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the S
7.5
HIGH
CVE-2019-13057
all versions
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) p
4.9
MEDIUM
CVE-2019-2844
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Client Tools). The supporte
8.8
HIGH
CVE-2019-2838
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version t
7.5
HIGH
CVE-2019-2832
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment). The
8.8
HIGH
CVE-2019-2820
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Gnuplot). The supported version
7.3
HIGH
CVE-2019-2807
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version th
3.9
LOW
CVE-2019-2804
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions
7.3
HIGH
CVE-2019-2788
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Open Fabrics Tools). The supported vers
6.3
MEDIUM
CVE-2019-2787
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automount). Supported versions t
4.2
MEDIUM
CVE-2019-12387
all versions
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid ch
6.1
MEDIUM
CVE-2019-2704
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: IPS Package Manager). The suppor
5.3
MEDIUM
CVE-2019-2577
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: File Locking Services). The supp
3.3
LOW
CVE-2019-2545
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDoms IO). Supported versions th
4.0
MEDIUM
CVE-2019-2544
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that
4.0
MEDIUM
CVE-2019-2543
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that
5.3
MEDIUM
CVE-2019-2541
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Client). The supported vers
7.5
HIGH
CVE-2019-2437
all versions
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version t
7.5
HIGH
CVE-2018-20685
all versions
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or
5.3
MEDIUM
CVE-2018-3275
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LibKMIP). The supported version that is
7.4
HIGH
CVE-2018-3274
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
5.7
MEDIUM
CVE-2018-3273
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon (RAD)). Th
8.1
HIGH
CVE-2018-3272
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones Virtualized NIC Driver). T
6.2
MEDIUM
CVE-2018-3271
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones). The supported version th
5.3
MEDIUM
CVE-2018-3270
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
1.8
LOW
CVE-2018-3269
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). The supported version that
4.3
MEDIUM
CVE-2018-3268
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). The supported version that
5.3
MEDIUM
CVE-2018-3267
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LFTP). The supported version that is af
5.3
MEDIUM
CVE-2018-3266
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). The supported version t
3.9
LOW
CVE-2018-3265
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is a
4.9
MEDIUM
CVE-2018-3264
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
4.4
MEDIUM
CVE-2018-3263
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Sudo). The supported version that is af
5.6
MEDIUM
CVE-2018-3172
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affec
5.3
MEDIUM
CVE-2018-2922
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
2.5
LOW
CVE-2018-2928
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RAD). The supported version that is aff
8.1
HIGH
CVE-2018-2926
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NVIDIA-GFX Kernel driver). The supporte
7.6
HIGH
CVE-2018-2908
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
7.7
HIGH
CVE-2018-2903
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are af
4.4
MEDIUM
CVE-2018-2901
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are af
3.7
LOW
CVE-2018-2892
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Supported
7.8
HIGH
CVE-2018-3639
all versions
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all
5.5
MEDIUM
CVE-2018-2808
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
5.0
MEDIUM
CVE-2018-2764
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are af
7.5
HIGH
CVE-2018-2763
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NTPD). The supported version that is af
3.3
LOW
CVE-2018-2754
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: ZVNET Driver). The supported version th
7.7
HIGH
CVE-2018-2753
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Python modules). The supported version
6.0
MEDIUM
CVE-2018-2718
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affec
7.5
HIGH
CVE-2018-2563
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Library). Supported versions that
4.2
MEDIUM
CVE-2018-1171
all versions
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20
7.0
HIGH
CVE-2018-1165
all versions
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20
7.0
HIGH
CVE-2018-2717
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SPARC Platform). Supported versions tha
6.6
MEDIUM
CVE-2018-2710
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
7.5
HIGH
CVE-2018-2578
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
7.2
HIGH
CVE-2018-2577
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
5.5
MEDIUM
CVE-2018-2560
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
5.0
MEDIUM
CVE-2017-5753
all versions
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of informatio
5.6
MEDIUM
CVE-2017-3632
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that
9.8
CRITICAL
CVE-2017-10122
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are af
1.8
LOW
CVE-2017-10095
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
3.3
LOW
CVE-2017-10062
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Oracle Java Web Console). The supported
5.3
MEDIUM
CVE-2017-10042
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IKE). Supported versions that are affec
7.5
HIGH
CVE-2017-10036
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are aff
7.5
HIGH
CVE-2017-10004
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are af
6.7
MEDIUM
CVE-2017-10003
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network Services Library). The supporte
4.5
MEDIUM
CVE-2017-3631
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
5.3
MEDIUM
CVE-2017-3630
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are af
5.3
MEDIUM
CVE-2017-3629
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are af
7.8
HIGH
CVE-2017-3623
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions tha
10.0
CRITICAL
CVE-2017-3622
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The
7.8
HIGH
CVE-2017-3565
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is af
7.9
HIGH
CVE-2017-3564
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). The supported version that is af
8.2
HIGH
CVE-2017-3551
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Smartcard Libraries). The supported ver
6.6
MEDIUM
CVE-2017-3516
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). T
7.7
HIGH
CVE-2017-3510
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). T
9.6
CRITICAL
CVE-2017-3498
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
3.3
LOW
CVE-2017-3497
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon). The supp
7.3
HIGH
CVE-2017-3474
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zone). The supported version that is af
3.3
LOW
CVE-2016-4483
all versions
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service
7.5
HIGH
CVE-2017-3301
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
3.3
LOW
CVE-2017-3276
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver).
5.7
MEDIUM
CVE-2016-8330
all versions
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is
3.7
LOW
CVE-2016-2334
all versions
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote at
7.8
HIGH
CVE-2016-6491
all versions
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allo
8.8
HIGH
CVE-2016-5842
all versions
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors inv
7.5
HIGH
CVE-2016-5841
all versions
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segme
9.8
CRITICAL
CVE-2016-5691
all versions
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveragi
9.8
CRITICAL
CVE-2016-5690
all versions
The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspe
9.8
CRITICAL
CVE-2016-5689
all versions
The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveragi
9.8
CRITICAL
CVE-2016-5688
all versions
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have u
8.1
HIGH
CVE-2016-5687
all versions
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have
9.8
CRITICAL
CVE-2015-8786
all versions
The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of serv
6.5
MEDIUM
CVE-2016-5615
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx.
3.3
LOW
CVE-2016-5606
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related t
6.1
MEDIUM
CVE-2016-5576
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones
5.5
MEDIUM
CVE-2016-5566
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiality via unknown vectors.
5.3
MEDIUM
CVE-2016-5561
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE.
3.1
LOW
CVE-2016-5559
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel.
4.1
MEDIUM
CVE-2016-5553
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.
5.0
MEDIUM
CVE-2016-5544
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availabil
7.8
HIGH
CVE-2016-5487
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via
5.3
MEDIUM
CVE-2016-5480
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash.
2.8
LOW
CVE-2016-2776
all versions
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct
7.5
HIGH
CVE-2016-5844
all versions
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application cr
6.5
MEDIUM
CVE-2016-6302
all versions
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the t
7.5
HIGH
CVE-2016-5358
all versions
epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, whi
5.9
MEDIUM
CVE-2016-5357
all versions
wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles sscanf unsigne
5.9
MEDIUM
CVE-2016-6185
all versions
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow l
7.8
HIGH
CVE-2016-5471
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a di
5.5
MEDIUM
CVE-2016-5469
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a di
5.5
MEDIUM
CVE-2016-5454
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related t
6.4
MEDIUM
CVE-2016-5452
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified
5.5
MEDIUM
CVE-2016-3584
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via
7.0
HIGH
CVE-2016-3497
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a di
5.5
MEDIUM
CVE-2016-3453
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel.
5.5
MEDIUM
CVE-2016-5387
all versions
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presenc
8.1
HIGH
CVE-2016-4957
all versions
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: thi
7.5
HIGH
CVE-2016-4956
all versions
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change)
5.3
MEDIUM
CVE-2016-4955
all versions
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clear
5.9
MEDIUM
CVE-2016-4954
all versions
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service
7.5
HIGH
CVE-2016-4953
all versions
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by send
7.5
HIGH
CVE-2016-4971
all versions
GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resourc
8.8
HIGH
CVE-2016-2178
all versions
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time o
5.5
MEDIUM
CVE-2016-2177
all versions
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to
9.8
CRITICAL
CVE-2016-5118
all versions
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code
9.8
CRITICAL
CVE-2016-3627
all versions
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent att
7.5
HIGH
CVE-2016-3718
all versions
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-sid
5.5
MEDIUM
CVE-2016-3715
all versions
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a
5.5
MEDIUM
CVE-2016-4085
all versions
Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows r
5.9
MEDIUM
CVE-2016-4082
all versions
epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wro
5.9
MEDIUM
CVE-2016-4079
all versions
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER
5.9
MEDIUM
CVE-2016-3465
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to ZFS.
5.5
MEDIUM
CVE-2016-3462
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Conf
5.5
MEDIUM
CVE-2016-3441
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availabil
7.8
HIGH
CVE-2016-3419
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Files
3.3
LOW
CVE-2016-0693
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and avai
9.8
CRITICAL
CVE-2016-0676
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel.
4.7
MEDIUM
CVE-2016-0669
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related t
6.0
MEDIUM
CVE-2016-0623
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automa
4.7
MEDIUM
CVE-2016-2381
all versions
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment
7.5
HIGH
CVE-2015-2774
all versions
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-i
5.9
MEDIUM
CVE-2015-8629
all versions
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.
5.3
MEDIUM
CVE-2015-7546
all versions
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddlewa
7.5
HIGH
CVE-2016-0618
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zon
CVE-2016-0616
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 1
CVE-2016-0609
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0608
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0606
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0600
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0598
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0597
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0596
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.
CVE-2016-0546
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0535
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to RP
CVE-2016-0505
all versions
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x befo
CVE-2016-0493
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors rel
CVE-2016-0458
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Kernel DAX.
CVE-2016-0440
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to NFSv4.
CVE-2016-0431
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solari
CVE-2016-0428
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Verifi
CVE-2016-0426
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vecto
CVE-2016-0419
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solari
CVE-2016-0418
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via u
CVE-2016-0416
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to Syst
CVE-2016-0414
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via u
CVE-2016-0406
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via vectors related to
CVE-2016-0403
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB Utili
CVE-2015-4922
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Boot.
CVE-2015-4920
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via vectors related to NDMP Backup Servi
CVE-2015-5295
all versions
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows
5.4
MEDIUM
CVE-2016-0778
all versions
The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2,
8.1
HIGH
CVE-2016-0777
all versions
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obt
6.5
MEDIUM
CVE-2016-1283
all versions
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\
9.8
CRITICAL
CVE-2015-8000
all versions
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (RE
CVE-2015-3195
all versions
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q
5.3
MEDIUM
CVE-2015-8104
all versions
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of servi
10.0
CRITICAL
CVE-2015-7830
all versions
The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many l
CVE-2015-8126
all versions
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1
CVE-2015-2697
all versions
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated u
CVE-2015-2695
all versions
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows r
CVE-2015-4913
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
CVE-2015-4907
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via
CVE-2015-4891
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via
CVE-2015-4879
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to
CVE-2015-4870
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to
CVE-2015-4869
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related
CVE-2015-4864
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
CVE-2015-4861
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to
CVE-2015-4858
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to
CVE-2015-4837
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via
CVE-2015-4836
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to
CVE-2015-4834
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via
CVE-2015-4831
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Sola
CVE-2015-4830
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
CVE-2015-4826
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
CVE-2015-4822
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Sola
CVE-2015-4820
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via
CVE-2015-4819
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confiden
CVE-2015-4817
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via
CVE-2015-4816
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via u
CVE-2015-4815
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
CVE-2015-4807
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote
CVE-2015-4802
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
CVE-2015-4801
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to S
CVE-2015-4792
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to af
CVE-2015-2642
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availabil
CVE-2015-7236
all versions
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a
7.5
HIGH
CVE-2015-4020
all versions
RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or maki
CVE-2015-6249
all versions
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before
CVE-2015-6248
all versions
The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whethe
CVE-2015-6247
all versions
The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x be
CVE-2015-6246
all versions
The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7
CVE-2015-6245
all versions
epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data typ
CVE-2015-6244
all versions
The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12
CVE-2015-6243
all versions
The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings,
CVE-2015-6242
all versions
The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in
CVE-2015-6241
all versions
The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does
CVE-2015-5964
all versions
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.
CVE-2015-5963
all versions
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly
CVE-2015-3219
all versions
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.
CVE-2015-4496
all versions
Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via c
CVE-2015-4493
all versions
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 a
CVE-2015-4492
all versions
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before
CVE-2015-4491
all versions
Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox befo
CVE-2015-4490
all versions
The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Se
CVE-2015-4489
all versions
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote
CVE-2015-4488
all versions
Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Fi
CVE-2015-4487
all versions
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 mig
CVE-2015-4486
all versions
The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers
CVE-2015-4485
all versions
Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x be
CVE-2015-4484
all versions
The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ES
CVE-2015-4483
all versions
Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a
CVE-2015-4482
all versions
mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or
CVE-2015-4481
all versions
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allow
CVE-2015-1819
all versions
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to
CVE-2015-4495
all versions
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers
8.8
HIGH
CVE-2015-1283
all versions
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and
CVE-2015-1270
all versions
The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrom
CVE-2015-4651
all versions
The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before
CVE-2015-0253
all versions
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure me
CVE-2015-4770
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX
CVE-2015-4752
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
CVE-2015-4737
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
CVE-2015-2662
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP
CVE-2015-2651
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to Kernel Zones
CVE-2015-2648
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
CVE-2015-2643
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
CVE-2015-2631
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availabil
CVE-2015-2620
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to af
CVE-2015-2614
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express
CVE-2015-2609
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to CPU performa
CVE-2015-2589
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 B
CVE-2015-2582
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to af
CVE-2015-2580
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4
CVE-2015-5144
all versions
Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which
CVE-2015-5143
all versions
The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attack
CVE-2015-2743
all versions
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for inter
CVE-2015-2742
all versions
Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attac
CVE-2015-2741
all versions
Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encounterin
CVE-2015-2740
all versions
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.
CVE-2015-2739
all versions
The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thu
CVE-2015-2738
all versions
The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox E
CVE-2015-2737
all versions
The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31
CVE-2015-2736
all versions
The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Th
CVE-2015-2735
all versions
nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 ac
CVE-2015-2734
all versions
The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR
CVE-2015-2733
all versions
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x befo
CVE-2015-2731
all versions
Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0
CVE-2015-2730
all versions
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38
CVE-2015-2729
all versions
The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ES
CVE-2015-2728
all versions
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 a
CVE-2015-2726
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial
CVE-2015-2725
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thund
CVE-2015-2724
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x b
CVE-2015-2722
all versions
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x befo
CVE-2015-2721
all versions
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x
CVE-2015-3900
all versions
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or maki
CVE-2015-4024
all versions
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before
CVE-2015-3330
all versions
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8,
CVE-2015-3329
all versions
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24,
CVE-2015-3200
all versions
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string
7.5
HIGH
CVE-2015-2922
all versions
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack i
CVE-2015-3814
all versions
The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissec
CVE-2015-3812
all versions
Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x b
CVE-2015-3811
all versions
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to
CVE-2015-3988
all versions
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to
CVE-2015-3455
all versions
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL
CVE-2015-2716
all versions
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows
CVE-2015-3646
all versions
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content,
CVE-2015-3294
all versions
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which al
CVE-2015-3145
all versions
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows rem
CVE-2015-2578
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel
CVE-2015-2577
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via u
CVE-2015-2574
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Tex
CVE-2015-2573
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to
CVE-2015-2571
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
CVE-2015-2568
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect ava
CVE-2015-0505
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
CVE-2015-0499
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to
CVE-2015-0471
all versions
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availabil
CVE-2015-0448
all versions
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via
CVE-2015-0433
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to
CVE-2015-0251
all versions
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the
CVE-2015-0248
all versions
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to
CVE-2015-0798
all versions
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle pri
CVE-2015-1351
all versions
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.
CVE-2015-2317
all versions
The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c
CVE-2015-2316
all versions
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain v
CVE-2015-2155
all versions
The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitr
CVE-2015-2190
all versions
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which all
CVE-2015-2189
all versions
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and
CVE-2015-2188
all versions
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly in
CVE-2015-0829
all versions
Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted M
CVE-2015-0828
all versions
Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory
CVE-2014-9512
all versions
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
CVE-2014-9674
all versions
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without valida
CVE-2014-9672
all versions
Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of
CVE-2014-9671
all versions
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a d
CVE-2014-9670
all versions
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attack
CVE-2014-9669
all versions
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-b
CVE-2014-9666
all versions
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without rest
CVE-2014-9664
all versions
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to caus
CVE-2014-9663
all versions
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's valu
CVE-2014-9660
all versions
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which a
CVE-2014-9659
all versions
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has b
CVE-2014-9658
all versions
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows
CVE-2014-9657
all versions
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allo
CVE-2015-1380
all versions
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
CVE-2015-0432
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via v
CVE-2015-0411
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect con
CVE-2015-1196
all versions
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
CVE-2015-1038
all versions
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVE-2015-0382
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect avail
CVE-2015-0381
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect avail
CVE-2015-0378
all versions
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc.
CVE-2015-0374
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to af
CVE-2014-6568
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to
CVE-2015-0973
all versions
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-de
8.8
HIGH
CVE-2014-9601
all versions
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a lar
CVE-2014-9496
all versions
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) m
CVE-2015-0564
all versions
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1
CVE-2015-0561
all versions
asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain inde
CVE-2014-8145
all versions
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact
CVE-2014-5353
all versions
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5)
CVE-2014-8964
all versions
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other uns
CVE-2014-6052
all versions
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc ret
CVE-2014-8124
all versions
OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a d
CVE-2014-8094
all versions
Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 thro
CVE-2014-7142
all versions
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash)
CVE-2014-8991
all versions
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-
CVE-2014-8768
all versions
Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attack
CVE-2014-6559
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect con
CVE-2014-6551
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidenti
CVE-2014-6530
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to
CVE-2014-6507
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to
CVE-2014-6500
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect con
CVE-2014-6496
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect ava
CVE-2014-6495
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect ava
CVE-2014-6494
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect ava
CVE-2014-6491
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confi
CVE-2014-6478
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect int
CVE-2014-6469
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to af
CVE-2014-6463
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to af
CVE-2014-4274
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidenti
CVE-2014-0397
all versions
Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related
CVE-2014-6051
all versions
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to c
CVE-2014-5459
all versions
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack o
CVE-2014-6270
all versions
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remot
CVE-2014-1563
all versions
Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x be
CVE-2014-1561
all versions
Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows rem
CVE-2014-1557
all versions
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird b
CVE-2014-3532
all versions
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial o
CVE-2014-4260
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote
CVE-2014-4258
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote au
CVE-2014-4243
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote au
CVE-2014-1542
all versions
Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execut
CVE-2011-2198
all versions
The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to caus
CVE-2014-1528
all versions
The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allow
CVE-2014-1527
all versions
Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM
CVE-2014-2440
all versions
Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote at
CVE-2014-2436
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to af
CVE-2014-2432
all versions
Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated
CVE-2014-2431
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect avail
CVE-2014-2430
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to af
CVE-2014-2419
all versions
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to af
CVE-2013-5704
all versions
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by plac
CVE-2014-2497
all versions
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denia
CVE-2014-1507
all versions
Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media
CVE-2014-1506
all versions
Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger
CVE-2014-1504
all versions
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy
CVE-2014-1502
all versions
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey be
CVE-2014-1501
all versions
Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs vi
CVE-2014-1500
all versions
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption an
CVE-2014-1499
all versions
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or
CVE-2014-1498
all versions
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certai
CVE-2014-1494
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote a
CVE-2013-4590
all versions
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" informatio
CVE-2011-4093
all versions
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain
CVE-2011-4091
all versions
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user
CVE-2014-1489
all versions
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-as
CVE-2014-1488
all versions
The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitra
CVE-2014-1485
all versions
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesh
CVE-2014-1484
all versions
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers
CVE-2014-1483
all versions
Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive
CVE-2014-1480
all versions
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of
CVE-2014-1478
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote a
CVE-2014-0420
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote
CVE-2013-6672
all versions
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leve
CVE-2013-5619
all versions
Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before
CVE-2013-5614
all versions
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during p
CVE-2013-5612
all versions
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attac
CVE-2013-5611
all versions
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote att
CVE-2013-5610
all versions
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote a
CVE-2013-6629
all versions
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.165
CVE-2013-3812
all versions
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote au
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin