Max CVSS 10.0 | Min CVSS 3.5 | Total Count 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2016-7052 5.0
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
16-08-2022 - 13:17 26-09-2016 - 19:59
CVE-2013-7398 4.3
main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof
16-12-2020 - 06:15 24-06-2015 - 16:59
CVE-2016-7038 5.0
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
01-12-2020 - 14:54 20-01-2017 - 08:59
CVE-2019-12730 7.5
aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables.
24-08-2020 - 17:37 04-06-2019 - 14:29
CVE-2017-9994 6.8
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow
20-03-2019 - 16:18 28-06-2017 - 06:29
CVE-2006-4003 5.0
The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/t
17-10-2018 - 21:32 07-08-2006 - 19:04
CVE-2008-2421 4.3
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the def
11-10-2018 - 20:41 23-05-2008 - 15:32
CVE-2016-6309 10.0
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
12-07-2018 - 01:29 26-09-2016 - 19:59
CVE-2016-7046 7.1
Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.
15-12-2017 - 02:29 03-10-2016 - 21:59
CVE-2016-6980 10.0
Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263.
13-08-2017 - 01:29 26-09-2016 - 17:59
CVE-2003-1200 7.5
Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi.
11-07-2017 - 01:29 29-12-2003 - 05:00
CVE-2016-3028 9.0
IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access.
28-11-2016 - 20:05 25-11-2016 - 03:59
CVE-2016-3025 5.0
IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
28-11-2016 - 20:05 25-11-2016 - 03:59
CVE-2016-3001 3.5
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerabili
28-11-2016 - 20:05 26-09-2016 - 04:59