Total
246798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2480 | 1 Microsoft | 1 .net Framework | 2023-12-10 | 9.3 HIGH | N/A |
| The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2479 and CVE-2015-2481. | |||||
| CVE-2016-5368 | 1 Huawei | 2 Ar3200, Ar3200 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets. | |||||
| CVE-2016-4536 | 1 Openafs | 1 Openafs | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow remote attackers to obtain sensitive memory information by leveraging access to RPC call traffic. | |||||
| CVE-2016-7020 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248. | |||||
| CVE-2016-0828 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113. | |||||
| CVE-2015-1342 | 1 Canonical | 2 Lxcfs, Ubuntu Linux | 2023-12-10 | 4.6 MEDIUM | N/A |
| LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup. | |||||
| CVE-2015-7812 | 1 Xen | 1 Xen | 2023-12-10 | 4.9 MEDIUM | N/A |
| The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface. | |||||
| CVE-2016-2509 | 1 Belden | 6 Hirschmann Firmware, Hirschmann L2b, Hirschmann L2e and 3 more | 2023-12-10 | 2.9 LOW | 5.3 MEDIUM |
| The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2016-7549 | 1 Google | 1 Chrome | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveraging access to a renderer process, related to render_frame_host_impl.cc and render_widget_host_impl.cc, as demonstrated by a Password Manager message. | |||||
| CVE-2015-8346 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form. | |||||
| CVE-2016-6479 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6479. Reason: This candidate is a duplicate of CVE-2015-6479. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2015-6479 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
| CVE-2015-2595 | 1 Oracle | 1 Database Server | 2023-12-10 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2016-0465 | 1 Oracle | 1 Oracle And Sun Systems Product Suite | 2023-12-10 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4 allows local users to affect availability via unknown vectors related to Resource Group Manager. | |||||
| CVE-2015-6810 | 1 Invisionpower | 1 Invision Power Board | 2023-12-10 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/. | |||||
| CVE-2015-3662 | 1 Apple | 2 Mac Os X, Quicktime | 2023-12-10 | 6.8 MEDIUM | N/A |
| QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. | |||||
| CVE-2016-5920 | 1 Ibm | 1 Financial Transaction Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4774 | 1 Oracle | 1 Berkeley Db | 2023-12-10 | 3.3 LOW | N/A |
| Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect integrity and availability via unknown vectors, a different vulnerability than CVE-2015-4779 and CVE-2015-4788. | |||||
| CVE-2016-7124 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call. | |||||
| CVE-2015-7103 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2023-12-10 | 6.8 MEDIUM | N/A |
| WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7102. | |||||
| CVE-2015-1999 | 1 Ibm | 1 Security Qradar Incident Forensics | 2023-12-10 | 5.0 MEDIUM | N/A |
| IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | |||||