| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2016-3144 |
79 |
|
XSS |
2016-04-15 |
2016-12-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name. |
|
2 |
CVE-2016-2045 |
79 |
|
XSS |
2016-02-19 |
2016-08-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response. |
|
3 |
CVE-2016-2043 |
79 |
|
XSS |
2016-02-19 |
2018-10-30 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. |
|
4 |
CVE-2016-2040 |
79 |
|
XSS |
2016-02-19 |
2018-10-30 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. |
|
5 |
CVE-2015-5146 |
20 |
|
DoS |
2017-08-24 |
2018-08-01 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. |
|
6 |
CVE-2015-5070 |
200 |
|
+Info File Inclusion |
2017-09-26 |
2017-10-10 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. |
|
7 |
CVE-2015-2922 |
17 |
|
|
2015-05-27 |
2018-01-04 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. |
|
8 |
CVE-2015-0374 |
|
|
|
2015-01-21 |
2017-09-07 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key. |
|
9 |
CVE-2014-8737 |
22 |
|
Dir. Trav. |
2014-12-09 |
2017-06-30 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar. |
|
10 |
CVE-2014-6568 |
|
|
|
2015-01-21 |
2017-01-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. |
|
11 |
CVE-2014-4978 |
59 |
|
|
2017-12-29 |
2018-01-10 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. |
|
12 |
CVE-2014-2524 |
59 |
|
|
2014-08-20 |
2018-10-30 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. |
|
13 |
CVE-2014-2287 |
20 |
|
DoS |
2014-04-18 |
2014-04-21 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value. |
|
14 |
CVE-2013-0159 |
59 |
|
DoS |
2018-05-01 |
2018-06-13 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. |
