Total
247505 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4660 | 1 Eliacom | 1 Enhanced Sql Portal | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php. | |||||
| CVE-2015-6751 | 1 Time Tracker Project | 1 Time Tracker | 2023-12-10 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker entries. | |||||
| CVE-2015-4941 | 1 Ibm | 1 Websphere Mq Light | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors. | |||||
| CVE-2016-0699 | 1 Oracle | 1 Flexcube Direct Banking | 2023-12-10 | 9.4 HIGH | 9.1 CRITICAL |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to the Login sub-component. | |||||
| CVE-2015-3860 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | N/A |
| packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934. | |||||
| CVE-2016-6525 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. | |||||
| CVE-2015-7407 | 1 Ibm | 1 Mashups Center | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2016-3327 | 1 Microsoft | 2 Edge, Internet Explorer | 2023-12-10 | 2.6 LOW | 5.3 MEDIUM |
| Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3326. | |||||
| CVE-2015-6933 | 1 Vmware | 4 Esxi, Fusion, Player and 1 more | 2023-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors. | |||||
| CVE-2015-1851 | 2 Canonical, Openstack | 4 Ubuntu Linux, Icehouse, Juno and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
| OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command. | |||||
| CVE-2015-8704 | 1 Isc | 1 Bind | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
| apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. | |||||
| CVE-2014-9769 | 1 Pcre | 1 Pcre | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
| pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. | |||||
| CVE-2016-4911 | 1 Keystone | 1 Openstack Identity | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token. | |||||
| CVE-2015-6403 | 1 Cisco | 14 Spa300 Firmware, Spa500 Firmware, Spa 301 and 11 more | 2023-12-10 | 7.2 HIGH | N/A |
| The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. | |||||
| CVE-2016-1479 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. | |||||
| CVE-2015-6991 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 6.8 MEDIUM | N/A |
| FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | |||||
| CVE-2015-6492 | 1 Rockwellautomation | 2 Micrologix 1100 Firmware, Micrologix 1400 Firmware | 2023-12-10 | 7.8 HIGH | N/A |
| Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote attackers to cause a denial of service (memory corruption and device crash) via a crafted HTTP request. | |||||
| CVE-2015-3646 | 2 Openstack, Oracle | 2 Keystone, Solaris | 2023-12-10 | 4.0 MEDIUM | N/A |
| OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. | |||||
| CVE-2016-1000126 | 1 Admin-font-editor Project | 1 Admin-font-editor | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin admin-font-editor v1.8 | |||||
| CVE-2016-5473 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2023-12-10 | 3.5 LOW | 3.1 LOW |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3537. | |||||