Total
66144 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1571 | 2 Citrix, Xen | 2 Xenserver, Xen | 2023-12-10 | 4.7 MEDIUM | 6.3 MEDIUM |
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check. | |||||
CVE-2015-4943 | 1 Ibm | 1 Websphere Mq Light | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4942. | |||||
CVE-2016-0039 | 1 Microsoft | 1 Sharepoint Foundation | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability." | |||||
CVE-2015-7447 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF09 allows remote attackers to bypass intended Portal AccessControl REST API access restrictions and obtain sensitive information via unspecified vectors. | |||||
CVE-2016-0818 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. | |||||
CVE-2016-4968 | 1 Fortinet | 1 Fortiwan | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. | |||||
CVE-2016-5997 | 1 Ibm | 1 Tealeaf Customer Experience | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 does not apply password-quality rules to password changes, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
CVE-2016-5282 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource. | |||||
CVE-2016-1626 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document. | |||||
CVE-2015-8660 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. | |||||
CVE-2016-4497 | 1 Panasonic | 1 Fpwin Pro | 2023-12-10 | 6.8 MEDIUM | 4.2 MEDIUM |
Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||||
CVE-2016-6404 | 1 Cisco | 1 Ios | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854. | |||||
CVE-2016-7099 | 2 Nodejs, Suse | 2 Node.js, Linux Enterprise | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
CVE-2015-8484 | 1 Cybozu | 1 Office | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152. | |||||
CVE-2016-4421 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. | |||||
CVE-2016-4003 | 1 Apache | 1 Struts | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter. | |||||
CVE-2016-5845 | 1 Sap | 1 Sapcar | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905. | |||||
CVE-2015-8749 | 1 Openstack | 1 Nova | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. | |||||
CVE-2016-5107 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2023-12-10 | 1.9 LOW | 6.0 MEDIUM |
The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds read and crash) via unspecified vectors. | |||||
CVE-2016-1734 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM |
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device. |