Total
248982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-0230 | 1 Ibm | 1 Hardware Management Console | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM |
IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors. | |||||
CVE-2015-1687 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
CVE-2015-4813 | 2 Debian, Oracle | 2 Debian Linux, Vm Virtualbox | 2023-12-10 | 2.1 LOW | N/A |
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core. | |||||
CVE-2015-7884 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 1.9 LOW | 2.3 LOW |
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. | |||||
CVE-2016-1000154 | 1 Browserweb | 1 Whizz | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin whizz v1.0.7 | |||||
CVE-2015-6093 | 1 Microsoft | 4 Office, Office Web Apps, Office Web Apps Server and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
CVE-2015-6944 | 1 Jsp\/mysql Administrador Web Project | 1 Jsp\/mysql Administrador Web | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the cmd parameter to sys/sys/listaBD2.jsp. | |||||
CVE-2016-9117 | 1 Uclouvain | 1 Openjpeg | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. | |||||
CVE-2016-7386 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer. | |||||
CVE-2016-1000114 | 1 Huge-it | 1 Gallery | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS in huge IT gallery v1.1.5 for Joomla | |||||
CVE-2015-5918 | 1 Apple | 1 Watch Os | 2023-12-10 | 7.2 HIGH | N/A |
GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5919. | |||||
CVE-2016-2782 | 2 Linux, Suse | 8 Linux Kernel, Linux Enterprise Debuginfo, Linux Enterprise Desktop and 5 more | 2023-12-10 | 4.9 MEDIUM | 4.6 MEDIUM |
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint. | |||||
CVE-2015-5568 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2023-12-10 | 10.0 HIGH | N/A |
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2015-4878 | 1 Oracle | 1 Fusion Middleware | 2023-12-10 | 1.5 LOW | N/A |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4877. | |||||
CVE-2016-0365 | 1 Ibm | 1 Urbancode Deploy | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors. | |||||
CVE-2015-4727 | 1 Oracle | 1 Virtualization Sun Ray | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in Oracle Virtualization Sun Ray Software before 5.4.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Console. | |||||
CVE-2015-5447 | 1 Hp | 1 Storeonce Backup System Software | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-0063 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0067, and CVE-2016-0072. | |||||
CVE-2015-7828 | 1 Sap | 1 Hana | 2023-12-10 | 10.0 HIGH | N/A |
SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583. | |||||
CVE-2016-1209 | 1 Ninjaforms | 1 Ninja Forms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. |