Total
65451 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0190 | 1 Microsoft | 3 Windows 8.1, Windows Rt 8.1, Windows Server 2012 | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability." | |||||
| CVE-2016-7042 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.9 MEDIUM | 6.2 MEDIUM |
| The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file. | |||||
| CVE-2015-8767 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-12-10 | 4.9 MEDIUM | 6.2 MEDIUM |
| net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. | |||||
| CVE-2016-3232 | 1 Microsoft | 1 Windows Server 2012 | 2023-12-10 | 2.1 LOW | 5.0 MEDIUM |
| The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka "Windows Virtual PCI Information Disclosure Vulnerability." | |||||
| CVE-2016-1501 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages. | |||||
| CVE-2016-2185 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2023-12-10 | 4.9 MEDIUM | 4.6 MEDIUM |
| The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
| CVE-2015-5272 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants." | |||||
| CVE-2016-3899 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
| OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29421811. | |||||
| CVE-2016-5731 | 2 Opensuse, Phpmyadmin | 3 Leap, Opensuse, Phpmyadmin | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. | |||||
| CVE-2016-7965 | 1 Dokuwiki | 1 Dokuwiki | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server). | |||||
| CVE-2015-8226 | 1 Huawei | 2 Ale Firmware, Gem-703l Firmware | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
| The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225. | |||||
| CVE-2016-4084 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size. | |||||
| CVE-2016-3569 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573. | |||||
| CVE-2016-6149 | 1 Sap | 1 Hana Sps09 | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941. | |||||
| CVE-2016-5653 | 1 Misys | 1 Fusioncapital Opics Plus | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter. | |||||
| CVE-2015-8731 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | |||||
| CVE-2016-2865 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request. | |||||
| CVE-2016-3879 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
| arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka internal bug 29770686. | |||||
| CVE-2016-2774 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2023-12-10 | 7.1 HIGH | 5.9 MEDIUM |
| ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. | |||||
| CVE-2016-0181 | 1 Microsoft | 1 Windows 10 | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a crafted application, aka "Hypervisor Code Integrity Security Feature Bypass." | |||||