Total
65121 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-0908 | 1 Emc | 1 Isilon Onefs | 2023-12-10 | 6.8 MEDIUM | 6.7 MEDIUM |
EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges. | |||||
CVE-2016-3722 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name." | |||||
CVE-2015-7328 | 1 Puppet | 1 Puppet Enterprise | 2023-12-10 | 1.9 LOW | 4.7 MEDIUM |
Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during the initial installation and configuration, which might allow local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-1445 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes. | |||||
CVE-2016-4420 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
CVE-2016-3560 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3526 and CVE-2016-3529. | |||||
CVE-2016-2846 | 1 Siemens | 2 Simatic S7 1200 Cpu, Simatic S7 Cpu 1200 Firmware | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors. | |||||
CVE-2016-8294 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
CVE-2016-1225 | 1 Trendmicro | 1 Internet Security | 2023-12-10 | 5.0 MEDIUM | 6.5 MEDIUM |
Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
CVE-2016-6677 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30259955. | |||||
CVE-2016-4086 | 1 Huawei | 1 Hisuite | 2023-12-10 | 2.9 LOW | 5.3 MEDIUM |
Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. | |||||
CVE-2016-4758 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
CVE-2016-7777 | 1 Xen | 1 Xen | 2023-12-10 | 3.3 LOW | 6.3 MEDIUM |
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. | |||||
CVE-2016-9116 | 1 Uclouvain | 1 Openjpeg | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | |||||
CVE-2016-1000128 | 1 Anti-plagiarism Project | 1 Anti-plagiarism | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin anti-plagiarism v3.60 | |||||
CVE-2015-8737 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. | |||||
CVE-2016-0723 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 5.6 MEDIUM | 6.8 MEDIUM |
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call. | |||||
CVE-2016-2114 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream. | |||||
CVE-2016-3517 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to PC / Get Shortcut. | |||||
CVE-2015-0265 | 1 Apache | 1 Ranger | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header. |