Total
246948 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2051 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2015-5204 | 1 Apache | 1 Cordova File Transfer | 2023-12-10 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file. | |||||
CVE-2015-4004 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-12-10 | 8.5 HIGH | N/A |
The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. | |||||
CVE-2015-3451 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. | |||||
CVE-2016-5094 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | 8.6 HIGH |
Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function. | |||||
CVE-2015-7216 | 4 Fedoraproject, Gnome, Mozilla and 1 more | 5 Fedora, Gnome, Firefox and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG 2000 image. | |||||
CVE-2016-6957 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | |||||
CVE-2016-5343 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write request, as demonstrated by a voice_svc_send_req buffer overflow. | |||||
CVE-2015-0860 | 2 Canonical, Debian | 2 Ubuntu Linux, Dpkg | 2023-12-10 | 7.5 HIGH | N/A |
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. | |||||
CVE-2015-3766 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 4.3 MEDIUM | N/A |
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app. | |||||
CVE-2015-2655 | 1 Oracle | 1 Database Server | 2023-12-10 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.3.00.08 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
CVE-2015-5065 | 1 Intelligent-it | 1 Paypal Currency Converter Basic For Woocommerce | 2023-12-10 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in proxy.php in the google currency lookup in the Paypal Currency Converter Basic For WooCommerce plugin before 1.4 for WordPress allows remote attackers to read arbitrary files via a full pathname in the requrl parameter. | |||||
CVE-2015-6640 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123. | |||||
CVE-2016-1295 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775. | |||||
CVE-2015-5737 | 1 Fortinet | 1 Forticlient | 2023-12-10 | 7.2 HIGH | N/A |
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call. | |||||
CVE-2015-8286 | 1 Zhuhai | 1 Raysharp Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000. | |||||
CVE-2016-7988 | 2 Google, Samsung | 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542. | |||||
CVE-2016-4624 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623. | |||||
CVE-2015-5276 | 1 Gnu | 1 Gcc | 2023-12-10 | 5.0 MEDIUM | N/A |
The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. | |||||
CVE-2015-8742 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. |