Total
66140 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3549 | 1 Oracle | 1 E-business Suite Secure Enterprise Search | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Search Integration Engine. | |||||
| CVE-2013-7440 | 1 Python | 1 Python | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
| CVE-2016-5540 | 1 Oracle | 1 Micros Xstore Payment | 2023-12-10 | 3.3 LOW | 6.7 MEDIUM |
| Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-5021 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-0812 | 1 Google | 1 Android | 2023-12-10 | 6.6 MEDIUM | 6.1 MEDIUM |
| The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25229538. | |||||
| CVE-2015-7794 | 1 Corega | 1 Cg-wlncm4g Firmware | 2023-12-10 | 5.0 MEDIUM | 5.8 MEDIUM |
| Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries. | |||||
| CVE-2016-2040 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header. | |||||
| CVE-2016-6197 | 2 Linux, Oracle | 3 Linux Kernel, Linux, Vm Server | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. | |||||
| CVE-2016-4827 | 1 Collne | 1 Welcart E-commerce | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826. | |||||
| CVE-2016-1000143 | 1 Photoxhibit Project | 1 Photoxhibit | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin photoxhibit v2.1.8 | |||||
| CVE-2016-4079 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted packet. | |||||
| CVE-2016-0293 | 1 Ibm | 1 Bigfix Platform | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file. | |||||
| CVE-2016-6398 | 1 Cisco | 1 Ios | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274. | |||||
| CVE-2015-8665 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. | |||||
| CVE-2016-3320 | 2 Fedoraproject, Microsoft | 5 Fedora, Windows 10, Windows 8.1 and 2 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass." | |||||
| CVE-2016-2190 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log. | |||||
| CVE-2016-2426 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 26094635. | |||||
| CVE-2016-3094 | 1 Apache | 1 Qpid Broker-j | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception. | |||||
| CVE-2016-5976 | 1 Ibm | 1 Tealeaf Customer Experience | 2023-12-10 | 2.6 LOW | 4.9 MEDIUM |
| The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to discover component passwords via unspecified vectors. | |||||
| CVE-2016-1948 | 2 Google, Mozilla | 2 Android, Firefox | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
| Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream. | |||||