Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-3455

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 May, 2015 | 15:00
Updated At-06 Aug, 2024 | 05:47
Rejected At-
Credits

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 May, 2015 | 15:00
Updated At:06 Aug, 2024 | 05:47
Rejected At:
â–¼CVE Numbering Authority (CNA)

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html
vendor-advisory
x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2015-2378.html
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html
vendor-advisory
x_refsource_SUSE
http://www.securityfocus.com/bid/74438
vdb-entry
x_refsource_BID
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
x_refsource_CONFIRM
http://www.securitytracker.com/id/1032221
vdb-entry
x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
vendor-advisory
x_refsource_SUSE
http://advisories.mageia.org/MGASA-2015-0191.html
x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
vendor-advisory
x_refsource_MANDRIVA
http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2378.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/bid/74438
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1032221
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://advisories.mageia.org/MGASA-2015-0191.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://rhn.redhat.com/errata/RHSA-2015-2378.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securityfocus.com/bid/74438
vdb-entry
x_refsource_BID
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1032221
vdb-entry
x_refsource_SECTRACK
x_transferred
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://advisories.mageia.org/MGASA-2015-0191.html
x_refsource_CONFIRM
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2378.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/74438
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1032221
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://advisories.mageia.org/MGASA-2015-0191.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 May, 2015 | 15:59
Updated At:06 May, 2026 | 22:30

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.6LOW
AV:N/AC:H/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 2.6
Base severity: LOW
Vector:
AV:N/AC:H/Au:N/C:N/I:P/A:N
CPE Matches

Oracle Corporation
oracle
>>linux>>7
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>solaris>>11.2
cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.1
cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.2
cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.3
cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.4
cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.5
cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.6
cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.7
cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.8
cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.9
cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.10
cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.11
cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.12
cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.13
cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.14
cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.15
cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.16
cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.17
cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.18
cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.0.19
cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.1
cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.2
cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.3
cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.4
cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.5
cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.6
cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.7
cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.8
cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.9
cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.10
cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.11
cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.12
cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.2.13
cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.0
cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.0.1
cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.0.2
cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.0.3
cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.1
cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.2
cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.3
cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.4
cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.5
cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.6
cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.7
cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.8
cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.9
cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.10
cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.11
cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.3.12
cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://advisories.mageia.org/MGASA-2015-0191.htmlcve@mitre.org
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.htmlcve@mitre.org
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.htmlcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2015-2378.htmlcve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230cve@mitre.org
Broken Link
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlcve@mitre.org
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlcve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/74438cve@mitre.org
N/A
http://www.securitytracker.com/id/1032221cve@mitre.org
Third Party Advisory
VDB Entry
http://www.squid-cache.org/Advisories/SQUID-2015_1.txtcve@mitre.org
Vendor Advisory
http://advisories.mageia.org/MGASA-2015-0191.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2015-2378.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/74438af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1032221af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.squid-cache.org/Advisories/SQUID-2015_1.txtaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://advisories.mageia.org/MGASA-2015-0191.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2378.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/74438
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1032221
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://advisories.mageia.org/MGASA-2015-0191.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2015-2378.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2015:230
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/74438
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1032221
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

418Records found

CVE-2014-0381
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-1.35% / 68.11%
||
7 Day CHG~0.00%
Published-15 Jan, 2014 | 01:33
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0445.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_productsn/a
CVE-2013-5772
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-3.76% / 88.57%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jrejdkn/a
CVE-2018-2641
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.1||MEDIUM
EPSS-5.11% / 91.34%
||
7 Day CHG-0.03%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxxp_command_viewdebian_linuxxp7_command_viewenterprise_linux_server_eusxp_p9000_command_viewjreenterprise_linux_server_ausenterprise_linux_workstationsatellitejdkenterprise_linux_server_tusenterprise_linux_desktopstruxureware_data_center_expertJava
CVE-2012-0542
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-1.34% / 67.97%
||
7 Day CHG~0.00%
Published-03 May, 2012 | 18:17
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Runtime Catalog.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2012-0513
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-1.22% / 64.90%
||
7 Day CHG~0.00%
Published-03 May, 2012 | 17:18
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity, related to REST Services.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2019-2493
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.1||LOW
EPSS-1.09% / 61.37%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 19:00
Updated-02 Oct, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). Supported versions that are affected are 9.0 and 9.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-peoplesoft_enterprise_campus_software_campus_communityPeopleSoft Enterprise CS Campus Community
CVE-2014-6558
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-3.14% / 86.31%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 22:03
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrockitjdkjren/a
CVE-2018-2629
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-4.83% / 90.91%
||
7 Day CHG-0.03%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).

Action-Not Available
Vendor-n/aCanonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxxp7_command_viewenterprise_linux_server_eusenterprise_linux_server_aussatellitejdkstruxureware_data_center_expertjrockitxp_command_viewdebian_linuxxp_p9000_command_viewjreenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopn/a
CVE-2018-3136
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.4||LOW
EPSS-3.64% / 88.20%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 01:00
Updated-02 Oct, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxxp7_command_viewenterprise_linux_server_eusjreenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_eussatellitejdkenterprise_linux_server_tusenterprise_linux_desktopJava
CVE-2018-2790
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.1||LOW
EPSS-5.10% / 91.33%
||
7 Day CHG~0.00%
Published-19 Apr, 2018 | 02:00
Updated-06 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Debian GNU/LinuxSchneider Electric SEOracle CorporationHP Inc.Red Hat, Inc.Canonical Ltd.
Product-enterprise_linux_server_ausenterprise_linux_server_tusjdkenterprise_linux_serverenterprise_linux_workstationjrestruxureware_data_center_expertdebian_linuxxp7_command_viewubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eussatelliteJava
CVE-2018-20685
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-3.68% / 88.33%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 00:00
Updated-17 Dec, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

Action-Not Available
Vendor-winscpn/aDebian GNU/LinuxSiemens AGOracle CorporationRed Hat, Inc.OpenBSDNetApp, Inc.Fujitsu LimitedCanonical Ltd.
Product-debian_linuxenterprise_linux_euscloud_backupm12-1_firmwarem12-2_firmwareenterprise_linux_server_ausenterprise_linuxm10-1scalance_x204rna_eec_firmwaresolarism12-1element_softwareopensshm12-2scalance_x204rna_firmwareontap_select_deploystorage_automation_storeenterprise_linux_server_tusm10-4sm10-4m12-2subuntu_linuxwinscpsteelstore_cloud_integrated_storagem10-4s_firmwarem12-2s_firmwarem10-4_firmwarescalance_x204rnam10-1_firmwarescalance_x204rna_eecn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2015-4744
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-1.79% / 75.71%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via unknown vectors related to Java Server Faces.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2010-0836
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.6||LOW
EPSS-1.22% / 65.08%
||
7 Day CHG~0.00%
Published-13 Jul, 2010 | 22:07
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2016-3447
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.9||MEDIUM
EPSS-1.24% / 65.67%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to OAF Core.

Action-Not Available
Vendor-n/aOracle Corporation
Product-applications_frameworkn/a
CVE-2016-0688
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-2.06% / 79.00%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Components.

Action-Not Available
Vendor-n/aOracle Corporation
Product-weblogic_servern/a
CVE-2021-2163
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-3.57% / 87.94%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 21:53
Updated-26 Sep, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle CorporationFedora Project
Product-debian_linuxopenjdkgraalvmhci_storage_nodejrehci_management_nodefedoraactive_iq_unified_managerjdkhci_compute_nodesolidfireJava SE JDK and JRE
CVE-2015-4926
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-1.45% / 70.16%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect integrity via vectors related to UIX.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2014-1504
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-2.6||LOW
EPSS-2.06% / 79.05%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart.

Action-Not Available
Vendor-n/aopenSUSEOracle CorporationSUSEMozilla Corporation
Product-linux_enterprise_sdkfirefoxseamonkeylinux_enterprise_desktopsolarislinux_enterprise_serveropensusen/a
CVE-2015-0504
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-1.53% / 71.61%
||
7 Day CHG~0.00%
Published-16 Apr, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Error Messages.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2014-6502
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-3.09% / 86.12%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 22:03
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jdkjren/a
CVE-2014-6527
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-3.09% / 86.12%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 22:03
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jren/a
CVE-2014-4208
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-2.88% / 85.11%
||
7 Day CHG~0.00%
Published-17 Jul, 2014 | 02:36
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jdkjren/a
CVE-2014-2420
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-2.6||LOW
EPSS-3.51% / 87.78%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 02:05
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jdkjren/a
CVE-2008-4456
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-2.6||LOW
EPSS-7.05% / 93.42%
||
7 Day CHG~0.00%
Published-06 Oct, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

Action-Not Available
Vendor-mysqln/aOracle Corporation
Product-mysqln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-21333
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.39% / 69.04%
||
7 Day CHG~0.00%
Published-26 Mar, 2021 | 20:00
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML injection in email and account expiry notifications

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker. This is fixed in version 1.27.0.

Action-Not Available
Vendor-The Matrix.org FoundationFedora Project
Product-fedorasynapsesynapse
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-21295
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-18.89% / 96.95%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 18:35
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible request smuggling in HTTP/2 due missing validation

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.

Action-Not Available
Vendor-quarkusThe Netty ProjectNetApp, Inc.The Apache Software FoundationDebian GNU/LinuxOracle Corporation
Product-debian_linuxoncommand_api_servicesquarkusnettykuduzookeeperoncommand_workflow_automationcommunications_cloud_native_core_policyio.netty:netty-codec-http2
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2020-5397
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-5.3||MEDIUM
EPSS-2.38% / 81.86%
||
7 Day CHG~0.00%
Published-17 Jan, 2020 | 18:50
Updated-17 Sep, 2024 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack.

Action-Not Available
Vendor-Oracle CorporationVMware (Broadcom Inc.)
Product-communications_diameter_signaling_routerinsurance_rules_paletteretail_central_officerapid_planningretail_back_officeretail_service_backbonecommunications_session_route_managerretail_financial_integrationretail_assortment_planningflexcube_private_bankingretail_integration_busretail_returns_managementcommunications_policy_managementhealthcare_master_person_indexcommunications_brm_-_elastic_charging_enginespring_frameworkretail_point-of-servicefinancial_services_regulatory_reporting_with_agilereporterinsurance_policy_administration_j2eeweblogic_serverretail_order_brokermysql_enterprise_monitorinsurance_calculation_engineapplication_testing_suitecommunications_element_managerenterprise_manager_base_platformretail_predictive_application_serverSpring Framework
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-14798
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.1||LOW
EPSS-2.68% / 84.01%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 14:04
Updated-27 May, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle CorporationopenSUSE
Product-active_iq_unified_managersantricity_cloud_connectorsantricity_unified_managersolidfire7-mode_transition_toolhci_management_nodeopenjdkjreleapsnapmanagere-series_santricity_web_services_proxyjdke-series_santricity_storage_managere-series_santricity_os_controllerhci_storage_nodedebian_linuxoncommand_unified_manageroncommand_insightJava SE JDK and JRE
CVE-2022-20612
Matching Score-8
Assigner-Jenkins Project
ShareView Details
Matching Score-8
Assigner-Jenkins Project
CVSS Score-4.3||MEDIUM
EPSS-1.78% / 75.54%
||
7 Day CHG+0.01%
Published-12 Jan, 2022 | 19:05
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

Action-Not Available
Vendor-Oracle CorporationJenkins
Product-communications_cloud_native_core_automated_test_suitejenkinsJenkins
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2017-3321
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-1.82% / 76.12%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_clusterMySQL Cluster
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2287
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-2.44% / 82.34%
||
7 Day CHG~0.00%
Published-18 Apr, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.

Action-Not Available
Vendor-n/aDigium, Inc.Fedora Project
Product-certified_asteriskasteriskfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2286
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.26% / 96.56%
||
7 Day CHG~0.00%
Published-18 Apr, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

Action-Not Available
Vendor-n/aDigium, Inc.Fedora Project
Product-certified_asteriskasteriskfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0207
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-16.85% / 96.67%
||
7 Day CHG~0.00%
Published-09 Jul, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

Action-Not Available
Vendor-christos_zoulasn/aopenSUSEOracle CorporationThe PHP GroupDebian GNU/Linux
Product-debian_linuxphpfilelinuxopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3280
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-4.7||MEDIUM
EPSS-1.57% / 72.34%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-partner_managementPartner Management
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0128
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-32.63% / 98.13%
||
7 Day CHG~0.00%
Published-14 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

Action-Not Available
Vendor-n/aSquid CacheopenSUSE
Product-squidopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3236
Matching Score-6
Assigner-Oracle
ShareView Details
Matching Score-6
Assigner-Oracle
CVSS Score-4.7||MEDIUM
EPSS-1.52% / 71.57%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts).

Action-Not Available
Vendor-Oracle Corporation
Product-flexcube_universal_bankingFLEXCUBE Universal Banking
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4409
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.04% / 85.90%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 20:45
Updated-06 Aug, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

Action-Not Available
Vendor-reviewboardPython Software Foundation; BeanbagRed Hat, Inc.Fedora Project
Product-djbletsreview_boardfedoraenterprise_linuxReview BoardDjblets
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4123
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-80.45% / 99.57%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.

Action-Not Available
Vendor-n/aSquid CacheopenSUSE
Product-squidopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4283
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-2.43% / 82.22%
||
7 Day CHG~0.00%
Published-10 Sep, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.

Action-Not Available
Vendor-n/aFedora Project
Product-389_directory_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4485
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-1.99% / 78.26%
||
7 Day CHG~0.00%
Published-23 Nov, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

Action-Not Available
Vendor-n/aFedora ProjectRed Hat, Inc.
Product-enterprise_linuxdirectory_server389_directory_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-17042
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.07% / 86.02%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 15:34
Updated-05 Aug, 2024 | 01:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.

Action-Not Available
Vendor-rsyslogn/aDebian GNU/LinuxopenSUSEFedora Project
Product-rsyslogdebian_linuxfedoraleapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1930
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.22% / 64.98%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 19:05
Updated-06 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.

Action-Not Available
Vendor-Fedora ProjectMantis Bug Tracker (MantisBT)
Product-mantisbtfedoramantisBT
CWE ID-CWE-20
Improper Input Validation
CVE-2013-1839
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-18.31% / 96.87%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-1747
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.30% / 91.59%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 13:56
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

Action-Not Available
Vendor-pyyamlopenSUSERed Hat, Inc.Fedora ProjectOracle Corporation
Product-communications_cloud_native_core_network_function_cloud_native_environmentfedorapyyamlleapPyYAML
CWE ID-CWE-20
Improper Input Validation
CVE-2020-15964
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.94% / 85.45%
||
7 Day CHG~0.00%
Published-21 Sep, 2020 | 19:06
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0334
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.85% / 88.86%
||
7 Day CHG+0.03%
Published-31 Oct, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

Action-Not Available
Vendor-bundlern/aFedora ProjectopenSUSE
Product-bundleropensusefedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-5643
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-23.00% / 97.47%
||
7 Day CHG~0.00%
Published-20 Dec, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-13401
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-2.84% / 84.94%
||
7 Day CHG~0.00%
Published-02 Jun, 2020 | 13:42
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.

Action-Not Available
Vendor-n/aFedora ProjectBroadcom Inc.Debian GNU/LinuxDocker, Inc.
Product-sannavenginedebian_linuxfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-39318
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.95% / 57.01%
||
7 Day CHG~0.00%
Published-16 Nov, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Division by zero in urbdrc channel in FreeRDP

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.

Action-Not Available
Vendor-FreeRDPFedora Project
Product-fedorafreerdpFreeRDP
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-369
Divide By Zero
CVE-2022-39346
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-3.5||LOW
EPSS-0.99% / 58.24%
||
7 Day CHG~0.00%
Published-25 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing length validation of user displayname in nextcloud server

Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.

Action-Not Available
Vendor-Fedora ProjectNextcloud GmbH
Product-nextcloud_enterprise_serverfedoranextcloud_serversecurity-advisories
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 8
  • 9
  • Next
Details not found