Total
246364 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-0210 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
CVE-2016-10014 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
CVE-2017-3884 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D). | |||||
CVE-2017-8077 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
CVE-2016-10273 | 1 Jensenofscandinavia | 1 Air\ | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary code or crash the web service via the (1) ateFunc, (2) ateGain, (3) ateTxCount, (4) ateChan, (5) ateRate, (6) ateMacID, (7) e2pTxPower1, (8) e2pTxPower2, (9) e2pTxPower3, (10) e2pTxPower4, (11) e2pTxPower5, (12) e2pTxPower6, (13) e2pTxPower7, (14) e2pTx2Power1, (15) e2pTx2Power2, (16) e2pTx2Power3, (17) e2pTx2Power4, (18) e2pTx2Power5, (19) e2pTx2Power6, (20) e2pTx2Power7, (21) ateTxFreqOffset, (22) ateMode, (23) ateBW, (24) ateAntenna, (25) e2pTxFreqOffset, (26) e2pTxPwDeltaB, (27) e2pTxPwDeltaG, (28) e2pTxPwDeltaMix, (29) e2pTxPwDeltaN, and (30) readE2P parameters of the /goform/formWlanMP endpoint. | |||||
CVE-2017-0551 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097231. | |||||
CVE-2014-9299 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8870. Reason: This candidate is a duplicate of CVE-2015-8870. The CVE-2014-9299 ID originated from an unrelated and invalid assignment, and this ID was inadvertently used for the CVE-2015-8870 issue. Notes: All CVE users should reference CVE-2015-8870 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2016-7738 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
CVE-2017-7490 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | |||||
CVE-2016-8575 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482. | |||||
CVE-2016-9456 | 1 Revive-adserver | 1 Revive Adserver | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. Over 20+ such issues were fixed. | |||||
CVE-2015-2343 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | |||||
CVE-2015-6935 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | |||||
CVE-2016-7262 | 1 Microsoft | 3 Excel, Excel Viewer, Office Compatibility Pack | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability." | |||||
CVE-2016-6620 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
CVE-2017-7879 | 1 Flatcore | 1 Flatcore-cms | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | |||||
CVE-2016-4986 | 1 Jenkins | 1 Tap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. | |||||
CVE-2016-2941 | 1 Ibm | 1 Urbancode Deploy | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user. | |||||
CVE-2008-5476 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none | |||||
CVE-2014-4370 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none |