Total
66146 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8537 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. | |||||
CVE-2016-5631 | 1 Oracle | 1 Mysql | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. | |||||
CVE-2016-3649 | 1 Symantec | 1 Endpoint Protection Manager | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests. | |||||
CVE-2016-4499 | 1 Panasonic | 1 Fpwin Pro | 2023-12-10 | 4.4 MEDIUM | 4.2 MEDIUM |
Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. | |||||
CVE-2015-1928 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2023-12-10 | 3.5 LOW | 6.8 MEDIUM |
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.0 before 6.0.0 IF4; Rational Engineering Lifecycle Manager (RELM) 4.0.3 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; Rational Rhapsody Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0; and Rational Software Architect Design Manager (DM) 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0.0 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | |||||
CVE-2014-9893 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223. | |||||
CVE-2016-1807 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 1.9 LOW | 5.1 MEDIUM |
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors. | |||||
CVE-2015-5036 | 1 Ibm | 1 Connections | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-5035. | |||||
CVE-2016-2112 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. | |||||
CVE-2016-1000137 | 1 Hero-maps-pro Project | 1 Hero-maps-pro | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin hero-maps-pro v2.1.0 | |||||
CVE-2016-3853 | 1 Google | 1 Android | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208. | |||||
CVE-2016-3060 | 1 Ibm | 1 Financial Transaction Manager | 2023-12-10 | 3.5 LOW | 5.7 MEDIUM |
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | |||||
CVE-2016-5448 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. | |||||
CVE-2016-3136 | 3 Canonical, Linux, Novell | 9 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 6 more | 2023-12-10 | 4.9 MEDIUM | 4.6 MEDIUM |
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors. | |||||
CVE-2016-0244 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243. | |||||
CVE-2016-3486 | 2 Canonical, Oracle | 2 Ubuntu Linux, Mysql | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. | |||||
CVE-2016-1175 | 1 Sharp | 2 Aquos Hn-pp150, Aquos Hn-pp150 Firmware | 2023-12-10 | 5.8 MEDIUM | 4.3 MEDIUM |
Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2015-7396 | 1 Ibm | 9 Maximo Asset Management, Maximo Asset Management Essentials, Maximo For Government and 6 more | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Control Desk allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or modify data, via unspecified vectors. | |||||
CVE-2016-2528 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. | |||||
CVE-2016-0894 | 1 Emc | 1 Rsa Data Loss Prevention | 2023-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. |