Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 31920 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5895 2 Apple, Sqlite 2 Iphone Os, Sqlite 2025-04-12 10.0 HIGH N/A
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
CVE-2014-1708 1 Google 1 Chrome Os 2025-04-12 10.0 HIGH N/A
The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-0528 1 Oracle 1 E-business Suite 2025-04-12 6.4 MEDIUM N/A
Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0529, and CVE-2016-0530.
CVE-2014-0911 1 Ibm 1 Websphere Mq 2025-04-12 4.3 MEDIUM N/A
inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0.4 allows remote attackers to cause a denial of service (disk or CPU consumption) via unspecified vectors.
CVE-2016-3679 3 Canonical, Google, Opensuse 4 Ubuntu Linux, Chrome, V8 and 1 more 2025-04-12 9.3 HIGH 8.8 HIGH
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-0669 1 Oracle 1 Solaris 2025-04-12 5.2 MEDIUM 6.0 MEDIUM
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash.
CVE-2016-0443 1 Oracle 1 Enterprise Manager Grid Control 2025-04-12 4.3 MEDIUM N/A
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentiality via unknown vectors related to Agent Next Gen.
CVE-2016-0563 1 Oracle 1 Crm Technical Foundation 2025-04-12 6.4 MEDIUM N/A
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Techstack.
CVE-2014-7297 1 Kriesi 1 Enfold 2025-04-12 10.0 HIGH N/A
Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors.
CVE-2015-4750 1 Oracle 1 Oracle And Sun Systems Product Suite 2025-04-12 5.0 MEDIUM N/A
Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.2 allows remote attackers to affect availability via vectors related to LDOM Manager.
CVE-2014-6324 1 Microsoft 6 Windows 7, Windows 8, Windows 8.1 and 3 more 2025-04-12 9.0 HIGH 8.8 HIGH
The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote authenticated domain users to obtain domain administrator privileges via a forged signature in a ticket, as exploited in the wild in November 2014, aka "Kerberos Checksum Vulnerability."
CVE-2016-4020 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2025-04-12 2.1 LOW 6.5 MEDIUM
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2014-2442 1 Oracle 1 Mysql 2025-04-12 4.0 MEDIUM N/A
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.
CVE-2016-3797 1 Google 1 Android 2025-04-12 9.3 HIGH 7.8 HIGH
The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450.
CVE-2016-7157 1 Qemu 1 Qemu 2025-04-12 2.1 LOW 4.4 MEDIUM
The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 functions in hw/scsi/mptconfig.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via vectors involving MPTSAS_CONFIG_PACK.
CVE-2021-45467 1 Control-webpanel 1 Webpanel 2025-04-12 N/A 9.8 CRITICAL
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=guadaapi URI. Any number of %00 instances can be used, e.g., .%00%00%00./.%00%00%00./api/account_new_create could also be used for the scripts parameter.
CVE-2022-45431 2 Dahuasecurity, Linux 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more 2025-04-11 N/A 7.5 HIGH
Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.
CVE-2022-45430 2 Dahuasecurity, Linux 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more 2025-04-11 N/A 3.7 LOW
Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service.
CVE-2021-47001 1 Linux 1 Linux Kernel 2025-04-11 N/A 4.7 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Fix cwnd update ordering After a reconnect, the reply handler is opening the cwnd (and thus enabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs() can post enough Receive WRs to receive their replies. This causes an RNR and the new connection is lost immediately. The race is most clearly exposed when KASAN and disconnect injection are enabled. This slows down rpcrdma_rep_create() enough to allow the send side to post a bunch of RPC Calls before the Receive completion handler can invoke ib_post_recv().
CVE-2021-4235 1 Yaml Project 1 Yaml 2025-04-11 N/A 5.5 MEDIUM
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.