Filtered by vendor Oracle
Subscribe
Total
10171 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5582 | 1 Oracle | 2 Jdk, Jre | 2023-11-07 | 9.3 HIGH | 9.6 CRITICAL |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573. | |||||
| CVE-2016-5556 | 1 Oracle | 2 Jdk, Jre | 2023-11-07 | 9.3 HIGH | 9.6 CRITICAL |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. | |||||
| CVE-2016-5568 | 1 Oracle | 2 Jdk, Jre | 2023-11-07 | 9.3 HIGH | 9.6 CRITICAL |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. | |||||
| CVE-2016-6302 | 2 Openssl, Oracle | 3 Openssl, Linux, Solaris | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. | |||||
| CVE-2016-4082 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet. | |||||
| CVE-2016-4956 | 6 Novell, Ntp, Opensuse and 3 more | 11 Suse Manager, Ntp, Leap and 8 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. | |||||
| CVE-2016-4483 | 3 Debian, Oracle, Xmlsoft | 3 Debian Linux, Solaris, Libxml2 | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. | |||||
| CVE-2016-4079 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. | |||||
| CVE-2016-4055 | 3 Momentjs, Oracle, Tenable | 3 Moment, Primavera Unifier, Nessus | 2023-11-07 | 7.8 HIGH | 6.5 MEDIUM |
| The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." | |||||
| CVE-2016-4955 | 6 Novell, Ntp, Opensuse and 3 more | 11 Suse Manager, Ntp, Leap and 8 more | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. | |||||
| CVE-2016-4954 | 5 Ntp, Opensuse, Oracle and 2 more | 15 Ntp, Leap, Opensuse and 12 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. | |||||
| CVE-2016-4085 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. | |||||
| CVE-2016-2177 | 3 Hp, Openssl, Oracle | 6 Icewall Mcrp, Icewall Sso, Icewall Sso Agent Option and 3 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. | |||||
| CVE-2016-2334 | 3 7-zip, Fedoraproject, Oracle | 3 7-zip, Fedora, Solaris | 2023-11-07 | 9.3 HIGH | 7.8 HIGH |
| Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. | |||||
| CVE-2016-2179 | 2 Openssl, Oracle | 2 Openssl, Linux | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. | |||||
| CVE-2016-2182 | 3 Hp, Openssl, Oracle | 6 Icewall Federation Agent, Icewall Mcrp, Icewall Sso and 3 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-2181 | 2 Openssl, Oracle | 2 Openssl, Linux | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. | |||||
| CVE-2016-2178 | 6 Canonical, Debian, Nodejs and 3 more | 7 Ubuntu Linux, Debian Linux, Node.js and 4 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | |||||
| CVE-2016-2105 | 8 Apple, Canonical, Debian and 5 more | 15 Mac Os X, Ubuntu Linux, Debian Linux and 12 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | |||||
| CVE-2016-0705 | 5 Canonical, Debian, Google and 2 more | 5 Ubuntu Linux, Debian Linux, Android and 2 more | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. | |||||