Total
250425 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8398 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705. | |||||
CVE-2014-3927 | 1 Mrlg4php Project | 1 Mrlg4php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | |||||
CVE-2016-7221 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka "Windows IME Elevation of Privilege Vulnerability." | |||||
CVE-2017-7320 | 1 Modx | 1 Modx Revolution | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value. | |||||
CVE-2005-4539 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none | |||||
CVE-2017-8928 | 1 Mailcow | 1 Mailcow\ | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF. | |||||
CVE-2016-7645 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
CVE-2016-2136 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
CVE-2014-7114 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none | |||||
CVE-2016-4442 | 1 Miniprofiler | 1 Rack-mini-profiler | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks. | |||||
CVE-2013-2799 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none | |||||
CVE-2016-6853 | 1 Open-xchange | 1 Ox Guard | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | |||||
CVE-2017-6644 | 1 Cisco | 1 Remote Expert Manager | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52860. | |||||
CVE-2015-7584 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | |||||
CVE-2009-0073 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none | |||||
CVE-2016-10317 | 1 Artifex | 1 Ghostscript | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. | |||||
CVE-2016-9032 | 1 Joyent | 1 Smartos | 2023-12-10 | 6.9 MEDIUM | 7.0 HIGH |
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9034. | |||||
CVE-2016-1000348 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10211. Reason: This candidate is a reservation duplicate of CVE-2016-10211. Notes: All CVE users should reference CVE-2016-10211 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
CVE-2016-9607 | 2023-12-10 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | |||||
CVE-2017-7200 | 1 Openstack | 1 Glance | 2023-12-10 | 5.0 MEDIUM | 5.8 MEDIUM |
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service. |