Total: 65991 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1491 | 1 Lenovo | 1 Shareit | 2023-12-10 | 5.4 MEDIUM | 8.8 HIGH |
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area. | |||||
CVE-2016-5420 | 3 Debian, Haxx, Opensuse | 3 Debian Linux, Libcurl, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. | |||||
CVE-2016-0966 | 5 Adobe, Apple, Google and 2 more | 13 Air Desktop Runtime, Air Sdk, Air Sdk & Compiler and 10 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. | |||||
CVE-2016-5539 | 1 Oracle | 1 Micros Xstore Payment | 2023-12-10 | 4.6 MEDIUM | 7.3 HIGH |
Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2016-4069 | 2 Opensuse, Roundcube | 2 Leap, Webmail | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors. | |||||
CVE-2016-3142 | 2 Apple, Php | 2 Mac Os X, Php | 2023-12-10 | 6.4 MEDIUM | 8.2 HIGH |
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. | |||||
CVE-2016-8600 | 1 Dotcms | 1 Dotcms | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In dotCMS 3.2.1, an attacker can load a captcha once, fill it in with the correct value, and that correct value is then accepted later by forms with a captcha check. | |||||
CVE-2016-0867 | 1 Carel | 1 Plantvisor Enhanced | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. | |||||
CVE-2016-5141 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp. | |||||
CVE-2016-4255 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2016-3698 | 4 Canonical, Debian, Libndp and 1 more | 10 Ubuntu Linux, Debian Linux, Libndp and 7 more | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network. | |||||
CVE-2016-7133 | 1 Php | 1 Php | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname. | |||||
CVE-2016-6442 | 1 Cisco | 1 Finesse | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1). | |||||
CVE-2016-0795 | 2 Canonical, Libreoffice | 2 Ubuntu Linux, Libreoffice | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document. | |||||
CVE-2016-6276 | 1 Citrix | 1 Linux Virtual Delivery Agent | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors. | |||||
CVE-2016-3865 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389. | |||||
CVE-2016-7862 | 6 Adobe, Apple, Google and 3 more | 14 Flash Player, Flash Player For Linux, Mac Os X and 11 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2016-1193 | 1 Cybozu | 1 Garoon | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. | |||||
CVE-2016-7863 | 6 Adobe, Apple, Google and 3 more | 13 Flash Player, Flash Player For Linux, Mac Os X and 10 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2016-2497 | 1 Google | 1 Android | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489. |