Total
247088 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3075 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, and CVE-2015-3059. | |||||
| CVE-2016-2195 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-6673 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 30204201. | |||||
| CVE-2015-1706 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1658, CVE-2015-1711, CVE-2015-1717, and CVE-2015-1718. | |||||
| CVE-2015-8096 | 1 Google | 1 Picasa | 2023-12-10 | 10.0 HIGH | N/A |
| Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 allows remote attackers to execute arbitrary code via unspecified vectors related to "phase one 0x412 tag," which triggers a heap-based buffer overflow. | |||||
| CVE-2016-3939 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30874196 and Qualcomm internal bug CR 1001224. | |||||
| CVE-2016-5669 | 1 Crestron | 2 Dm-txrx-100-str, Dm-txrx-100-str Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship. | |||||
| CVE-2015-1000000 | 1 Mailcwp Project | 1 Mailcwp | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | |||||
| CVE-2015-3106 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2023-12-10 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3107. | |||||
| CVE-2015-6477 | 1 Nordex | 1 Nordex Control 2 Scada | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-5087 | 1 Alertus | 1 Alertus Desktop Notification For Os X | 2023-12-10 | 3.6 LOW | 4.4 MEDIUM |
| Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations. | |||||
| CVE-2015-6375 | 1 Cisco | 1 Ios | 2023-12-10 | 2.1 LOW | N/A |
| The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. | |||||
| CVE-2015-2590 | 1 Oracle | 2 Jdk, Jre | 2023-12-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732. | |||||
| CVE-2015-4141 | 2 Opensuse, W1.fi | 3 Opensuse, Hostapd, Wpa Supplicant | 2023-12-10 | 4.3 MEDIUM | N/A |
| The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow. | |||||
| CVE-2015-2629 | 1 Oracle | 1 Database Server | 2023-12-10 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0457. | |||||
| CVE-2014-9297 | 2023-12-10 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9750, CVE-2014-9751. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage | |||||
| CVE-2016-4766 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Safari and 2 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768. | |||||
| CVE-2016-1644 | 1 Google | 1 Chrome | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
| WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document. | |||||
| CVE-2016-3680 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020. | |||||
| CVE-2016-4541 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. | |||||