Vulnerabilities (CVE)

Total 66146 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5268 1 Moodle 1 Moodle 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.
CVE-2016-3201 1 Microsoft 4 Edge, Windows 10, Windows 8.1 and 1 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215.
CVE-2016-6298 1 Jwcrypto Project 1 Jwcrypto 2023-12-10 4.3 MEDIUM 5.3 MEDIUM
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
CVE-2016-1366 1 Cisco 1 Ios Xr 2023-12-10 6.8 MEDIUM 6.5 MEDIUM
The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on Network Convergence System 6000 devices use weak permissions for system files, which allows remote authenticated users to cause a denial of service (overwrite) via unspecified vectors, aka Bug ID CSCuw75848.
CVE-2015-7415 1 Ibm 1 Urbancode Deploy 2023-12-10 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-6438 1 Cisco 1 Ios Xe 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following releases of Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers: All 3.16S releases, All 3.17S releases, Release 3.18.0S, Release 3.18.1S, Release 3.18.0SP. More Information: CSCuz62815. Known Affected Releases: 15.5(3)S2.9, 15.6(2)SP. Known Fixed Releases: 15.6(1.7)SP1, 16.4(0.183), 16.5(0.1).
CVE-2016-4567 2 Mediaelementjs, Wordpress 2 Mediaelement.js, Wordpress 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."
CVE-2016-2822 4 Canonical, Debian, Mozilla and 1 more 6 Ubuntu Linux, Debian Linux, Firefox and 3 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
CVE-2016-3908 1 Google 1 Android 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted application, aka internal bug 30003944.
CVE-2015-8373 1 Isc 1 Kea 2023-12-10 7.1 HIGH 6.8 MEDIUM
The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet.
CVE-2015-7578 1 Rubyonrails 2 Html Sanitizer, Rails 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.
CVE-2016-8660 1 Linux 1 Linux Kernel 2023-12-10 4.9 MEDIUM 5.5 MEDIUM
The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."
CVE-2016-0893 1 Emc 1 Rsa Data Loss Prevention 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages.
CVE-2015-8715 1 Wireshark 1 Wireshark 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
CVE-2016-1316 1 Cisco 1 Telepresence Video Communication Server Software 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.
CVE-2016-3126 1 Blackberry 1 Enterprise Server 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-1772 1 Apple 1 Safari 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
The Top Sites feature in Apple Safari before 9.1 mishandles cookie storage, which makes it easier for remote web servers to track users via unspecified vectors.
CVE-2016-3215 1 Microsoft 4 Edge, Windows 10, Windows 8.1 and 1 more 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201.
CVE-2016-3391 1 Microsoft 2 Edge, Internet Explorer 2023-12-10 2.6 LOW 5.3 MEDIUM
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka "Microsoft Browser Information Disclosure Vulnerability."
CVE-2015-3182 1 Wireshark 1 Wireshark 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.