Total
31920 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5895 | 2 Apple, Sqlite | 2 Iphone Os, Sqlite | 2025-04-12 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. | |||||
CVE-2014-1708 | 1 Google | 1 Chrome Os | 2025-04-12 | 10.0 HIGH | N/A |
The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2016-0528 | 1 Oracle | 1 E-business Suite | 2025-04-12 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0529, and CVE-2016-0530. | |||||
CVE-2014-0911 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 4.3 MEDIUM | N/A |
inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors. | |||||
CVE-2016-3679 | 3 Canonical, Google, Opensuse | 4 Ubuntu Linux, Chrome, V8 and 1 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2016-0669 | 1 Oracle | 1 Solaris | 2025-04-12 | 5.2 MEDIUM | 6.0 MEDIUM |
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash. | |||||
CVE-2016-0443 | 1 Oracle | 1 Enterprise Manager Grid Control | 2025-04-12 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentiality via unknown vectors related to Agent Next Gen. | |||||
CVE-2016-0563 | 1 Oracle | 1 Crm Technical Foundation | 2025-04-12 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Techstack. | |||||
CVE-2014-7297 | 1 Kriesi | 1 Enfold | 2025-04-12 | 10.0 HIGH | N/A |
Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors. | |||||
CVE-2015-4750 | 1 Oracle | 1 Oracle And Sun Systems Product Suite | 2025-04-12 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.2 allows remote attackers to affect availability via vectors related to LDOM Manager. | |||||
CVE-2014-6324 | 1 Microsoft | 6 Windows 7, Windows 8, Windows 8.1 and 3 more | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability." | |||||
CVE-2016-4020 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2025-04-12 | 2.1 LOW | 6.5 MEDIUM |
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). | |||||
CVE-2014-2442 | 1 Oracle | 1 Mysql | 2025-04-12 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM. | |||||
CVE-2016-3797 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450. | |||||
CVE-2016-7157 | 1 Qemu | 1 Qemu | 2025-04-12 | 2.1 LOW | 4.4 MEDIUM |
The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK. | |||||
CVE-2021-45467 | 1 Control-webpanel | 1 Webpanel | 2025-04-12 | N/A | 9.8 CRITICAL |
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. Any number of %00 instances can be used, e.g., .%00%00%00./.%00%00%00./api/account_new_create could also be used for the scripts parameter. | |||||
CVE-2022-45431 | 2 Dahuasecurity, Linux | 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more | 2025-04-11 | N/A | 7.5 HIGH |
Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server. | |||||
CVE-2022-45430 | 2 Dahuasecurity, Linux | 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more | 2025-04-11 | N/A | 3.7 LOW |
Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service. | |||||
CVE-2021-47001 | 1 Linux | 1 Linux Kernel | 2025-04-11 | N/A | 4.7 MEDIUM |
In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Fix cwnd update ordering After a reconnect, the reply handler is opening the cwnd (and thus enabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs() can post enough Receive WRs to receive their replies. This causes an RNR and the new connection is lost immediately. The race is most clearly exposed when KASAN and disconnect injection are enabled. This slows down rpcrdma_rep_create() enough to allow the send side to post a bunch of RPC Calls before the Receive completion handler can invoke ib_post_recv(). | |||||
CVE-2021-4235 | 1 Yaml Project | 1 Yaml | 2025-04-11 | N/A | 5.5 MEDIUM |
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. |