Vulnerabilities (CVE)

Total 65901 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4561 2 Debian, Ikiwiki 2 Debian Linux, Ikiwiki 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
CVE-2016-0864 1 Tollgrade 1 Smartgrid Lighthouse Sensor Management System 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors.
CVE-2016-0133 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2023-12-10 7.2 HIGH 6.8 MEDIUM
The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows physically proximate attackers to execute arbitrary code by inserting a crafted USB device, aka "USB Mass Storage Elevation of Privilege Vulnerability."
CVE-2015-8679 1 Huawei 4 Mate S, Mate S Firmware, P8 and 1 more 2023-12-10 7.1 HIGH 5.5 MEDIUM
The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allow attackers to cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access.
CVE-2015-8923 3 Canonical, Libarchive, Novell 5 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 2 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.
CVE-2016-1485 1 Cisco 1 Identity Services Engine Software 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497.
CVE-2016-1787 1 Apple 1 Mac Os X Server 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors.
CVE-2016-5331 1 Vmware 2 Esxi, Vcenter Server 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2014-8177 1 Redhat 4 Enterprise Linux, Gluster Storage Management Console, Gluster Storage Server and 1 more 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.
CVE-2016-0678 1 Oracle 1 Vm Virtualbox 2023-12-10 4.1 MEDIUM 6.7 MEDIUM
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
CVE-2016-1732 1 Apple 1 Mac Os X 2023-12-10 2.1 LOW 5.5 MEDIUM
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2015-8777 1 Gnu 1 Glibc 2023-12-10 2.1 LOW 5.5 MEDIUM
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
CVE-2016-1140 1 Kddi 2 Home Spot Cube, Home Spot Cube Firmware 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2015-4178 1 Linux 1 Linux Kernel 2023-12-10 4.9 MEDIUM 5.5 MEDIUM
The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h.
CVE-2016-4500 1 Moxa 2 Uc-7408 Lx-plus, Uc-7408 Lx-plus Firmware 2023-12-10 4.9 MEDIUM 5.8 MEDIUM
Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access.
CVE-2016-0169 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168.
CVE-2016-0775 2 Debian, Python 2 Debian Linux, Pillow 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
CVE-2015-5207 1 Apache 1 Cordova 2023-12-10 7.5 HIGH 5.3 MEDIUM
Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.
CVE-2016-5160 2 Google, Opensuse 2 Chrome, Leap 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.
CVE-2016-2925 1 Ibm 1 Websphere Portal 2023-12-10 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.