Total
66148 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2528 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. | |||||
CVE-2016-0894 | 1 Emc | 1 Rsa Data Loss Prevention | 2023-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. | |||||
CVE-2016-2153 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as demonstrated by a search form field. | |||||
CVE-2016-4707 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 2.1 LOW | 4.0 MEDIUM |
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. | |||||
CVE-2016-4170 | 1 Adobe | 1 Experience Manager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-3878 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002. | |||||
CVE-2016-1424 | 1 Cisco | 1 Ios | 2023-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. | |||||
CVE-2016-3923 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115. | |||||
CVE-2016-1987 | 1 Hp | 1 Hp-ux Ipfilter | 2023-12-10 | 2.6 LOW | 5.9 MEDIUM |
HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. | |||||
CVE-2016-5268 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring. | |||||
CVE-2016-5954 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files. | |||||
CVE-2016-3509 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality and integrity via vectors related to File Folders / URL Attachment. | |||||
CVE-2015-6485 | 1 Schneider-electric | 8 Sage 1410, Sage 1430, Sage 1450 and 5 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet. | |||||
CVE-2016-5554 | 1 Oracle | 2 Jdk, Jre | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX. | |||||
CVE-2016-9189 | 2 Debian, Python | 2 Debian Linux, Pillow | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component. | |||||
CVE-2016-5660 | 1 Accela | 1 Civic Platform | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter. | |||||
CVE-2015-5337 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted .swf file. | |||||
CVE-2016-1000133 | 1 Designsandcode | 1 Forget About Shortcode Buttons | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 | |||||
CVE-2016-1141 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2023-12-10 | 6.5 MEDIUM | 4.7 MEDIUM |
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2014-9767 | 2 Hiphop Virtual Machine For Php Project, Php | 2 Hiphop Virtual Machine For Php, Php | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive. |