Total
246843 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3890 | 1 Google | 1 Android | 2023-12-10 | 7.6 HIGH | 7.0 HIGH |
The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842. | |||||
CVE-2016-1026 | 5 Adobe, Apple, Google and 2 more | 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. | |||||
CVE-2016-1224 | 1 Trendmicro | 2 Worry-free Business Security, Worry-free Business Security Services | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
CVE-2015-0144 | 1 Ibm | 1 Openpages Grc Platform | 2023-12-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916. | |||||
CVE-2016-4158 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2023-12-10 | 6.9 MEDIUM | 7.3 HIGH |
Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory. | |||||
CVE-2016-2492 | 1 Google | 2 Android, Android One | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410. | |||||
CVE-2015-4489 | 4 Canonical, Mozilla, Opensuse and 1 more | 6 Ubuntu Linux, Firefox, Firefox Esr and 3 more | 2023-12-10 | 7.5 HIGH | N/A |
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment. | |||||
CVE-2015-5332 | 1 Moodle | 1 Moodle | 2023-12-10 | 7.1 HIGH | 6.8 MEDIUM |
Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature. | |||||
CVE-2016-0903 | 1 Emc | 1 Avamar Server | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent. | |||||
CVE-2015-2918 | 1 Orientdb | 1 Orientdb | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
CVE-2015-7322 | 1 Juniper | 1 Pulse Connect Secure | 2023-12-10 | 5.0 MEDIUM | N/A |
The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts to join a meeting depending on the status of the meeting, which allows remote attackers to enumerate valid meeting ids via a series of requests. | |||||
CVE-2015-1986 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2023-12-10 | 10.0 HIGH | N/A |
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938. | |||||
CVE-2016-0673 | 1 Oracle | 1 Siebel Ui Framework | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM |
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to UIF Open UI. | |||||
CVE-2016-2115 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream. | |||||
CVE-2015-5989 | 1 Belkin | 2 N600 Db Wi-fi Dual-band N\\\+ Router F9k1102, N600 Db Wi-fi Dual-band N\\\+ Router F9k1102 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. | |||||
CVE-2016-7182 | 1 Microsoft | 12 Live Meeting, Lync, Office and 9 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability." | |||||
CVE-2016-1730 | 1 Apple | 1 Iphone Os | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal. | |||||
CVE-2015-3863 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | N/A |
Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399. | |||||
CVE-2016-4087 | 1 Huawei | 4 S12700, S12700 Firmware, S5700 and 1 more | 2023-12-10 | 5.1 MEDIUM | 8.1 HIGH |
Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets. | |||||
CVE-2015-4153 | 1 Zanematthew | 1 Zm Ajax Login \& Register | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php. |