Total
60767 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1699 | 6 Canonical, Debian, Google and 3 more | 9 Ubuntu Linux, Debian Linux, Chrome and 6 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL. | |||||
CVE-2016-1782 | 1 Apple | 2 Iphone Os, Safari | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. | |||||
CVE-2016-3895 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260. | |||||
CVE-2016-3818 | 1 Google | 1 Android | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702. | |||||
CVE-2016-1677 | 6 Canonical, Debian, Google and 3 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the decodeURI function and leveraging "type confusion." | |||||
CVE-2015-4703 | 1 Rename Project | 1 Rename | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter. | |||||
CVE-2016-1811 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. | |||||
CVE-2016-3209 | 1 Microsoft | 14 .net Framework, Live Meeting, Lync and 11 more | 2024-02-04 | 5.0 MEDIUM | 5.5 MEDIUM |
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability." | |||||
CVE-2016-3615 | 5 Canonical, Debian, Ibm and 2 more | 6 Ubuntu Linux, Debian Linux, Powerkvm and 3 more | 2024-02-04 | 4.3 MEDIUM | 5.3 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML. | |||||
CVE-2016-1357 | 1 Cisco | 1 Cisco Policy Suite | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211. | |||||
CVE-2016-3464 | 1 Oracle | 1 Flexcube Direct Banking | 2024-02-04 | 4.0 MEDIUM | 5.7 MEDIUM |
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to Accounts. | |||||
CVE-2016-1236 | 2 Debian, Websvn | 2 Debian Linux, Websvn | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository. | |||||
CVE-2016-3299 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 4.3 MEDIUM | 5.3 MEDIUM |
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hijack network traffic or bypass intended Enhanced Protected Mode (EPM) or application container protection mechanisms, and consequently render untrusted content in a browser, by leveraging how NetBIOS validates responses, aka "NetBIOS Spoofing Vulnerability." | |||||
CVE-2016-6677 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30259955. | |||||
CVE-2016-5250 | 1 Mozilla | 1 Firefox | 2024-02-04 | 5.0 MEDIUM | 4.3 MEDIUM |
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. | |||||
CVE-2015-8287 | 1 Swann | 4 Srnvw-470lcd, Srnvw-470lcd Firmware, Swnvw-470cam and 1 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM devices with firmware through 1022 allow remote attackers to watch live video by visiting an unspecified URL. | |||||
CVE-2016-4707 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-04 | 2.1 LOW | 4.0 MEDIUM |
CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles Local Storage deletion, which allows local users to discover the visited web sites of arbitrary users via unspecified vectors. | |||||
CVE-2016-0169 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168. | |||||
CVE-2016-5584 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2024-02-04 | 3.5 LOW | 4.4 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. | |||||
CVE-2016-1688 | 6 Canonical, Debian, Google and 3 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code. |