Total
248483 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3744 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to gain privileges via a crafted pairing operation, aka internal bug 27930580. | |||||
CVE-2016-1151 | 1 Cybozu | 1 Office | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. | |||||
CVE-2015-3252 | 1 Apache | 1 Cloudstack | 2023-12-10 | 6.0 MEDIUM | 9.8 CRITICAL |
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. | |||||
CVE-2016-4696 | 1 Apple | 1 Mac Os X | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
CVE-2015-6135 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2023-12-10 | 5.0 MEDIUM | N/A |
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." | |||||
CVE-2016-3256 | 1 Microsoft | 1 Windows 10 | 2023-12-10 | 2.1 LOW | 5.0 MEDIUM |
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosure Vulnerability." | |||||
CVE-2015-7560 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. | |||||
CVE-2015-4542 | 1 Emc | 1 Rsa Archer Grc | 2023-12-10 | 6.5 MEDIUM | N/A |
EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. | |||||
CVE-2016-9190 | 2 Debian, Python | 2 Debian Linux, Pillow | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. | |||||
CVE-2016-2384 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Real Time Extension | 2023-12-10 | 4.9 MEDIUM | 4.6 MEDIUM |
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. | |||||
CVE-2016-0062 | 1 Microsoft | 2 Edge, Internet Explorer | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | |||||
CVE-2016-2216 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a. | |||||
CVE-2016-5361 | 1 Libreswan | 1 Libreswan | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each. | |||||
CVE-2015-4819 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2023-12-10 | 7.2 HIGH | N/A |
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. | |||||
CVE-2016-1040 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, CVE-2016-1062, and CVE-2016-1117. | |||||
CVE-2016-5166 | 2 Google, Opensuse | 2 Chrome, Leap | 2023-12-10 | 2.6 LOW | 3.1 LOW |
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice. | |||||
CVE-2016-0069 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068. | |||||
CVE-2015-5688 | 1 Geddyjs | 1 Geddy | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. | |||||
CVE-2016-1513 | 1 Apache | 1 Openoffice | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file. | |||||
CVE-2016-6510 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. |