Total
66066 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2896 | 1 Idera | 1 Uptime Infrastructure Monitor | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command. | |||||
CVE-2015-8760 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing." | |||||
CVE-2016-1776 | 1 Apple | 1 Mac Os X Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. | |||||
CVE-2016-4603 | 1 Apple | 1 Iphone Os | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior. | |||||
CVE-2016-5502 | 1 Oracle | 1 Flexcube Universal Banking | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA. | |||||
CVE-2016-1569 | 1 Firebirdsql | 1 Firebird | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter. | |||||
CVE-2016-3827 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956. | |||||
CVE-2015-8845 | 3 Linux, Novell, Suse | 8 Linux Kernel, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 5 more | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. | |||||
CVE-2016-3525 | 1 Oracle | 1 Applications Manager | 2023-12-10 | 5.4 MEDIUM | 5.9 MEDIUM |
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality via vectors related to Cookie Management. | |||||
CVE-2015-4991 | 1 Ibm | 1 Spss Modeler | 2023-12-10 | 2.1 LOW | 4.0 MEDIUM |
IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file. | |||||
CVE-2016-2825 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | |||||
CVE-2015-7513 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 4.9 MEDIUM | 6.5 MEDIUM |
arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. | |||||
CVE-2016-2043 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page. | |||||
CVE-2016-2545 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.7 MEDIUM | 5.1 MEDIUM |
The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call. | |||||
CVE-2016-5699 | 1 Python | 1 Python | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. | |||||
CVE-2016-3501 | 2 Canonical, Oracle | 2 Ubuntu Linux, Mysql | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | |||||
CVE-2016-0377 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-3315 | 1 Microsoft | 2 Onenote, Onenote For Mac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability." | |||||
CVE-2016-3882 | 1 Google | 1 Android | 2023-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811. | |||||
CVE-2016-6440 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284)11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2). |