Total
65432 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5510 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors. | |||||
CVE-2015-5479 | 3 Libav, Opensuse, Ubuntu | 3 Libav, Leap, Ubuntu | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. | |||||
CVE-2016-1000140 | 1 New-year-firework Project | 1 New-year-firework | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin new-year-firework v1.1.9 | |||||
CVE-2016-1596 | 1 Novell | 1 Service Desk | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter. | |||||
CVE-2016-4718 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Buffer overflow in FontParser in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory via a crafted font file. | |||||
CVE-2015-1000004 | 1 Filedownload Project | 1 Filedownload | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in filedownload v1.4 wordpress plugin | |||||
CVE-2016-5025 | 1 Nvidia | 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more | 2023-12-10 | 6.1 MEDIUM | 6.6 MEDIUM |
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. | |||||
CVE-2016-5533 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.4, 15.x, and 16.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
CVE-2016-3918 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a crafted application that provides a pathname value, aka internal bug 30745403. | |||||
CVE-2016-2188 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2023-12-10 | 4.9 MEDIUM | 4.6 MEDIUM |
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
CVE-2016-0230 | 1 Ibm | 1 Hardware Management Console | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM |
IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors. | |||||
CVE-2016-1000154 | 1 Browserweb | 1 Whizz | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin whizz v1.0.7 | |||||
CVE-2016-9117 | 1 Uclouvain | 1 Openjpeg | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | |||||
CVE-2016-7386 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer. | |||||
CVE-2016-1000114 | 1 Huge-it | 1 Gallery | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in huge IT gallery v1.1.5 for Joomla | |||||
CVE-2016-2782 | 2 Linux, Suse | 8 Linux Kernel, Linux Enterprise Debuginfo, Linux Enterprise Desktop and 5 more | 2023-12-10 | 4.9 MEDIUM | 4.6 MEDIUM |
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. | |||||
CVE-2016-0365 | 1 Ibm | 1 Urbancode Deploy | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors. | |||||
CVE-2015-5447 | 1 Hp | 1 Storeonce Backup System Software | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-6212 | 1 Drupal | 1 Drupal | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors. | |||||
CVE-2015-7795 | 1 Cybozu | 1 Office | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. |