Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45433 | 2 Dahuasecurity, Microsoft | 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more | 2025-04-14 | N/A | 3.7 LOW |
|
Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results.
|
|||||
| CVE-2022-45432 | 2 Dahuasecurity, Microsoft | 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more | 2025-04-14 | N/A | 5.3 MEDIUM |
|
Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server.
|
|||||
| CVE-2022-45428 | 1 Dahuasecurity | 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2025-04-14 | N/A | 2.7 LOW |
|
Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information.
|
|||||
| CVE-2023-40275 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2025-04-14 | N/A | 9.1 CRITICAL |
|
An issue was discovered in OpenClinic GA 5.247.01. It allows retrieval of patient lists via queries such as findFirstname= to _common/search/searchByAjax/patientslistShow.jsp.
|
|||||
| CVE-2022-45434 | 2 Dahuasecurity, Microsoft | 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more | 2025-04-14 | N/A | 5.9 MEDIUM |
|
Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.
|
|||||
| CVE-2025-31560 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-14 | N/A | 7.2 HIGH |
|
Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system allows Privilege Escalation. This issue affects Salon booking system: from n/a through 10.11.
|
|||||
| CVE-2016-3429 | 1 Oracle | 1 Retail Xstore Point Of Service | 2025-04-12 | 5.4 MEDIUM | 4.5 MEDIUM |
|
Unspecified vulnerability in the Oracle Retail Xstore Point of Service component in Oracle Retail Applications 5.0, 5.5, 6.0, 6.5, 7.0, and 7.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Xstore Services.
|
|||||
| CVE-2014-4290 | 1 Oracle | 1 Database Server | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477.
|
|||||
| CVE-2016-0587 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors related to File Processing.
|
|||||
| CVE-2014-4256 | 1 Oracle | 1 Fusion Middleware | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to WLS - Deployment.
|
|||||
| CVE-2014-1734 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
|||||
| CVE-2014-4251 | 1 Oracle | 1 Fusion Middleware | 2025-04-12 | 3.5 LOW | N/A |
|
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect integrity via vectors related to plugin 1.1.
|
|||||
| CVE-2015-0499 | 6 Canonical, Debian, Mariadb and 3 more | 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more | 2025-04-12 | 3.5 LOW | N/A |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.
|
|||||
| CVE-2014-7894 | 1 Hp | 6 Hybrid Pos Printer With Micr Us Fk184aa, Ole Point Of Sale Driver, Pusb Thermal Receipt Printer F7m67aa and 3 more | 2025-04-12 | 10.0 HIGH | N/A |
|
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSPrinter.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2506.
|
|||||
| CVE-2011-5274 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | 7.5 HIGH | N/A |
|
The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.
|
|||||
| CVE-2016-0693 | 1 Oracle | 1 Solaris | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module.
|
|||||
| CVE-2016-5443 | 1 Oracle | 1 Mysql | 2025-04-12 | 1.2 LOW | 4.7 MEDIUM |
|
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.
|
|||||
| CVE-2015-1118 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 5.0 MEDIUM | N/A |
|
libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.
|
|||||
| CVE-2016-3577 | 1 Oracle | 1 Outside In Technology | 2025-04-12 | 9.0 HIGH | 8.6 HIGH |
|
Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and C ...
Show More |
|||||
| CVE-2014-4255 | 1 Oracle | 1 Fusion Middleware | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Security and Policy.
|
|||||
| CVE-2016-3541 | 1 Oracle | 1 Common Applications Calendar | 2025-04-12 | 9.4 HIGH | 9.1 CRITICAL |
|
Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Notes.
|
|||||
| CVE-2015-4824 | 1 Oracle | 1 Supply Chain Products Suite | 2025-04-12 | 2.1 LOW | N/A |
|
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
|
|||||
| CVE-2015-2650 | 1 Oracle | 1 Peoplesoft Products | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Multichannel Framework.
|
|||||
| CVE-2015-4802 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
|
|||||
| CVE-2016-0524 | 1 Oracle | 1 E-business Suite | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Work Provider Administration.
|
|||||
| CVE-2014-6536 | 1 Oracle | 1 Supply Chain Products Suite | 2025-04-12 | 3.5 LOW | N/A |
|
Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security.
|
|||||
| CVE-2014-2328 | 4 Cacti, Debian, Fedoraproject and 1 more | 4 Cacti, Debian Linux, Fedora and 1 more | 2025-04-12 | 6.5 MEDIUM | N/A |
|
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
|
|||||
| CVE-2016-0486 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and CVE-2016-0485. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability ...
Show More |
|||||
| CVE-2016-0418 | 1 Oracle | 1 Solaris | 2025-04-12 | 6.1 MEDIUM | N/A |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0414.
|
|||||
| CVE-2016-0603 | 2 Microsoft, Oracle | 3 Windows, Jdk, Jre | 2025-04-12 | 7.6 HIGH | N/A |
|
Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "applicatio ...
Show More |
|||||
| CVE-2014-3679 | 1 Jenkins-ci | 1 Monitoring Plugin | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Monitoring plugin before 1.53.0 for Jenkins allows remote attackers to obtain sensitive information by accessing unspecified pages.
|
|||||
| CVE-2015-4922 | 1 Oracle | 1 Solaris | 2025-04-12 | 2.1 LOW | N/A |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Boot.
|
|||||
| CVE-2015-2655 | 1 Oracle | 1 Database Server | 2025-04-12 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.3.00.08 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2014-3970 | 1 Pulseaudio | 1 Pulseaudio | 2025-04-12 | 2.9 LOW | N/A |
|
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.
|
|||||
| CVE-2016-3484 | 1 Oracle | 1 Database | 2025-04-12 | 3.2 LOW | 3.4 LOW |
|
Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2014-4234 | 1 Oracle | 1 Supply Chain Products Suite | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote attackers to affect confidentiality via unknown vectors related to Data, Domain & Function Security.
|
|||||
| CVE-2015-4776 | 1 Oracle | 1 Berkeley Db | 2025-04-12 | 6.9 MEDIUM | N/A |
|
Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784, CVE ...
Show More |
|||||
| CVE-2016-3535 | 1 Oracle | 1 Crm Technical Foundation | 2025-04-12 | 7.8 HIGH | 8.2 HIGH |
|
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Remote Launch. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue is a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2014-1418 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.
|
|||||
| CVE-2013-5017 | 1 Symantec | 1 Web Gateway | 2025-04-12 | 7.9 HIGH | 9.8 CRITICAL |
|
SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors.
|
|||||