Total: 66065 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7087 | 1 Apple | 1 Quicktime | 2023-12-10 | 6.8 MEDIUM | 6.6 MEDIUM |
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | |||||
CVE-2016-3234 | 1 Microsoft | 6 Office, Office Compatibility Pack, Office Web Apps and 3 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | |||||
CVE-2016-0869 | 1 Microsys | 1 Promotic | 2023-12-10 | 7.1 HIGH | 5.0 MEDIUM |
Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document. | |||||
CVE-2016-0032 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability." | |||||
CVE-2016-1229 | 1 Humhub | 1 Humhub | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-0227 | 1 Ibm | 1 Business Process Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2016-3513 | 1 Oracle | 1 Communications Operations Monitor | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure. | |||||
CVE-2016-1377 | 1 Cisco | 1 Unity Connection | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. | |||||
CVE-2015-1547 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. | |||||
CVE-2015-5339 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant information via a web-service request. | |||||
CVE-2015-5231 | 2 Criu, Opensuse | 2 Checkpoint/restore In Userspace, Opensuse | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access. | |||||
CVE-2016-0659 | 1 Oracle | 1 Mysql | 2023-12-10 | 3.5 LOW | 5.5 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Optimizer. | |||||
CVE-2016-2882 | 1 Ibm | 1 Tririga Application Platform | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses. | |||||
CVE-2015-6004 | 1 Ipswitch | 1 Whatsup Gold | 2023-12-10 | 6.5 MEDIUM | 6.5 MEDIUM |
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. | |||||
CVE-2016-8295 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Time And Labor | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
CVE-2016-3462 | 1 Oracle | 1 Solaris | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Network Configuration Service. | |||||
CVE-2016-3612 | 1 Oracle | 1 Vm Virtualbox | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core. | |||||
CVE-2015-8675 | 1 Huawei | 2 S5300, S5300 Firmware | 2023-12-10 | 2.1 LOW | 6.2 MEDIUM |
Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password information by reading the display. | |||||
CVE-2016-5507 | 1 Oracle | 1 Mysql | 2023-12-10 | 6.8 MEDIUM | 4.9 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | |||||
CVE-2016-5944 | 1 Ibm | 2 Spectrum Control, Tivoli Storage Productivity Center | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. |