Total
65987 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2775 | 4 Fedoraproject, Hp, Isc and 1 more | 9 Fedora, Hp-ux, Bind and 6 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | |||||
CVE-2016-6132 | 3 Debian, Libgd, Opensuse | 3 Debian Linux, Libgd, Leap | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. | |||||
CVE-2016-1000149 | 1 Simpel-reserveren Project | 1 Simpel-reserveren | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 | |||||
CVE-2016-1440 | 1 Cisco | 1 Web Security Appliance | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The proxy process on Cisco Web Security Appliance (WSA) devices through 9.1.0-070 allows remote attackers to cause a denial of service (CPU consumption) by establishing an FTP session and then improperly terminating the control connection after a file transfer, aka Bug ID CSCuy43468. | |||||
CVE-2016-1938 | 2 Mozilla, Opensuse | 4 Firefox, Nss, Leap and 1 more | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. | |||||
CVE-2016-2304 | 1 Ecava | 1 Integraxor | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
CVE-2015-5035 | 1 Ibm | 1 Connections | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-5036. | |||||
CVE-2016-2202 | 1 Symantec | 1 Altiris It Management Suite | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restrictions via unspecified vectors. | |||||
CVE-2016-1431 | 1 Cisco | 1 Firepower Management Center | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516. | |||||
CVE-2016-3537 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-5473. | |||||
CVE-2016-1188 | 1 Cybozu | 1 Garoon | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. | |||||
CVE-2014-9896 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795. | |||||
CVE-2016-3379 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability." | |||||
CVE-2015-8683 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image. | |||||
CVE-2016-9111 | 1 Citrix | 1 Receiver Desktop | 2023-12-10 | 4.6 MEDIUM | 6.8 MEDIUM |
Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us." | |||||
CVE-2016-5604 | 1 Oracle | 1 Enterprise Manager Base Platform | 2023-12-10 | 3.3 LOW | 6.3 MEDIUM |
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-3563. | |||||
CVE-2016-3550 | 1 Oracle | 3 Jdk, Jre, Linux | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot. | |||||
CVE-2016-1260 | 1 Juniper | 1 Junos | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consumption) via unspecified vectors related to Spanning Tree Protocol (STP) traffic. | |||||
CVE-2015-7242 | 1 Avm | 1 Fritz\! Os | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM field of an SIP INVITE message. | |||||
CVE-2016-1375 | 1 Cisco | 1 Ip Interoperability And Collaboration System | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339. |