CVE-2016-2346
Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream...
CVE-2016-1948
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream...
UBUNTU-CVE-2015-4815
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL...
mysql: unspecified vulnerability related to Server:DDL (CPU April 2015)
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL...
CVE-2015-2058
c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID...
IBM Tivoli Security Directory Server Information Disclosure Vulnerability (CNVD-2015-04104)
IBM Tivoli Security Directory Server (now known as IBM Security Directory Server, ISDS) is a suite of enterprise identity management software from IBM in the United States that uses the Lightweight Directory Access Protocol (LDAP). The software provides a trusted identity data infrastructure for...
EMC Documentum Thumbnail Server Directory Traversal Vulnerability
EMC Documentum Thumbnail Server is an HTTP server. Its implementation has a directory traversal vulnerability that could allow a malicious user to gain unauthorized access to Content Server content...
Unspecified Vulnerability in Oracle MySQL Server Server:DDL Subcomponent
Oracle MySQL Server is an open source relational database management system. A security vulnerability exists in the Server:DDL subcomponent of Oracle MySQL Server, which can be exploited by remote attackers to conduct denial of service attacks...
CVE-2015-1595
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream...
mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML...
mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML...
mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML...
mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL...
mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL...
mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL...
mysql: unspecified vulnerability related to SERVER:DML (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML...
mysql: unspecified vulnerability related to SERVER:DDL (CPU October 2014)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL...
nss: false start PR_Recv information disclosure security issue
A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server...
USN-2211-1 libxfont vulnerabilities
Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. (CVE-2014-0209) Ilja van Sprundel discovered that libXfont incorrectly handled...
CVE-2014-1242
Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream...