An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
Source: HackerOne
Max CVSS
5.0
EPSS Score
0.12%
Published
2020-02-04
Updated
2021-12-22
A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Source: Mozilla Corporation
Max CVSS
5.3
EPSS Score
0.93%
Published
2019-07-23
Updated
2023-02-28
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
Source: MITRE
Max CVSS
5.9
EPSS Score
1.67%
Published
2017-10-03
Updated
2018-03-04
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
Source: MITRE
Max CVSS
5.9
EPSS Score
0.45%
Published
2017-07-06
Updated
2019-10-03
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
Source: Debian GNU/Linux
Max CVSS
5.5
EPSS Score
0.05%
Published
2017-06-06
Updated
2023-09-12
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-10-13
Updated
2023-09-12
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
Source: Red Hat, Inc.
Max CVSS
5.9
EPSS Score
19.26%
Published
2016-09-26
Updated
2022-12-13
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.
Source: MITRE
Max CVSS
5.3
EPSS Score
2.34%
Published
2016-07-05
Updated
2021-07-16
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
Source: MITRE
Max CVSS
5.9
EPSS Score
2.11%
Published
2016-07-05
Updated
2021-07-16
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.04%
Published
2016-05-23
Updated
2023-09-12
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
Source: Red Hat, Inc.
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-06-27
Updated
2023-02-12
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.06%
Published
2016-04-27
Updated
2023-09-12
Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.
Source: SUSE
Max CVSS
5.4
EPSS Score
0.24%
Published
2016-08-01
Updated
2017-09-03
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.
Source: SUSE
Max CVSS
5.4
EPSS Score
0.06%
Published
2016-10-27
Updated
2016-11-28
Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter.
Source: SUSE
Max CVSS
5.4
EPSS Score
1.22%
Published
2016-04-22
Updated
2018-10-09
The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.
Source: MITRE
Max CVSS
5.5
EPSS Score
1.31%
Published
2016-09-20
Updated
2023-09-12
The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.54%
Published
2016-09-20
Updated
2023-09-12
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.
Source: MITRE
Max CVSS
5.5
EPSS Score
1.26%
Published
2016-09-20
Updated
2023-09-12
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
Source: MITRE
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-04-27
Updated
2018-01-05
The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference.
Source: SUSE
Max CVSS
5.3
EPSS Score
4.15%
Published
2016-02-18
Updated
2016-03-10
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
Source: Adobe Systems Incorporated
Max CVSS
5.0
EPSS Score
0.53%
Published
2015-04-14
Updated
2018-10-30
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
Source: Oracle
Max CVSS
5.0
EPSS Score
3.44%
Published
2015-01-21
Updated
2022-05-13
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
Source: Oracle
Max CVSS
5.8
EPSS Score
1.61%
Published
2015-01-21
Updated
2022-05-13
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Source: Oracle
Max CVSS
5.0
EPSS Score
0.95%
Published
2015-01-21
Updated
2022-05-13
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.
Source: Oracle
Max CVSS
5.4
EPSS Score
0.04%
Published
2015-01-21
Updated
2022-05-13
145 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!