Total
60050 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7416 | 2 Ibm, Microsoft | 2 I Access, Windows | 2024-02-04 | 2.1 LOW | 4.0 MEDIUM |
AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file. | |||||
CVE-2016-5728 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-02-04 | 5.4 MEDIUM | 6.3 MEDIUM |
Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability. | |||||
CVE-2009-2197 | 1 Apple | 1 Safari | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog. | |||||
CVE-2016-0293 | 1 Ibm | 1 Bigfix Platform | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file. | |||||
CVE-2016-1637 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
CVE-2016-0075 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0073. | |||||
CVE-2015-4996 | 1 Ibm | 1 Rational Clearquest | 2024-02-04 | 3.6 LOW | 5.1 MEDIUM |
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors. | |||||
CVE-2016-1000135 | 1 Hdw-tube Project | 1 Hdw-tube | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin hdw-tube v1.2 | |||||
CVE-2015-8704 | 1 Isc | 1 Bind | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. | |||||
CVE-2015-5167 | 1 Apache | 1 Ranger | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API. | |||||
CVE-2016-3416 | 1 Oracle | 1 Weblogic Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality and integrity via vectors related to Console. | |||||
CVE-2016-4748 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.6 MEDIUM | 5.3 MEDIUM |
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | |||||
CVE-2016-1000141 | 1 Page-layout-builder Project | 1 Page-layout-builder | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin page-layout-builder v1.9.3 | |||||
CVE-2015-1339 | 2 Linux, Novell | 3 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Real Time Extension | 2024-02-04 | 4.9 MEDIUM | 6.2 MEDIUM |
Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times. | |||||
CVE-2016-2495 | 1 Google | 1 Android | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789. | |||||
CVE-2016-4963 | 1 Xen | 1 Xen | 2024-02-04 | 1.9 LOW | 4.7 MEDIUM |
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore. | |||||
CVE-2016-3722 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name." | |||||
CVE-2016-6494 | 2 Fedoraproject, Mongodb | 2 Fedora, Mongodb | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. | |||||
CVE-2016-4394 | 1 Hp | 1 System Management Homepage | 2024-02-04 | 5.8 MEDIUM | 6.5 MEDIUM |
HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. | |||||
CVE-2016-6510 | 1 Wireshark | 1 Wireshark | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. |