Total
65436 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8336 | 1 Huawei | 2 Fusioncompute, Fusioncompute Firmware | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. | |||||
CVE-2016-5470 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality via vectors related to Application Designer. | |||||
CVE-2016-3950 | 1 Huawei | 2 Ar3200, Ar3200 Firmware | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. | |||||
CVE-2016-4652 | 1 Apple | 1 Mac Os X | 2023-12-10 | 3.3 LOW | 6.3 MEDIUM |
CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. | |||||
CVE-2016-3166 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers. | |||||
CVE-2015-8740 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. | |||||
CVE-2016-2350 | 1 Accellion | 1 File Transfer Appliance | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html. | |||||
CVE-2016-1494 | 3 Fedoraproject, Opensuse, Python | 4 Fedora, Leap, Opensuse and 1 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. | |||||
CVE-2016-2012 | 1 Hp | 1 Network Node Manager I | 2023-12-10 | 7.5 HIGH | 6.5 MEDIUM |
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors. | |||||
CVE-2016-2390 | 1 Squid-cache | 1 Squid | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message. | |||||
CVE-2016-6420 | 1 Cisco | 1 Firesight System Software | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower Management Center allows remote authenticated users to bypass authorization checks and gain privileges via a crafted HTTP request, aka Bug ID CSCur25467. | |||||
CVE-2016-8910 | 4 Debian, Opensuse, Qemu and 1 more | 6 Debian Linux, Leap, Qemu and 3 more | 2023-12-10 | 2.1 LOW | 6.0 MEDIUM |
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. | |||||
CVE-2016-1258 | 1 Juniper | 1 Junos | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows remote attackers to cause a denial of service (J-Web crash) via unspecified vectors. | |||||
CVE-2016-3724 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration. | |||||
CVE-2016-5250 | 1 Mozilla | 1 Firefox | 2023-12-10 | 5.0 MEDIUM | 4.3 MEDIUM |
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. | |||||
CVE-2016-5532 | 1 Oracle | 1 Shipping Execution | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Unspecified vulnerability in the Oracle Shipping Execution component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Workflow Events. | |||||
CVE-2015-1776 | 1 Apache | 1 Hadoop | 2023-12-10 | 2.1 LOW | 6.2 MEDIUM |
Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file. | |||||
CVE-2016-1707 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site. | |||||
CVE-2016-2532 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. | |||||
CVE-2016-0030 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability." |