Total
1310 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4963 | 1 Xen | 1 Xen | 2024-02-04 | 1.9 LOW | 4.7 MEDIUM |
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore. | |||||
CVE-2016-1842 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | |||||
CVE-2016-5963 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
CVE-2015-3691 | 1 Apple | 1 Mac Os X | 2024-02-04 | 9.3 HIGH | N/A |
The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer. | |||||
CVE-2016-1301 | 1 Cisco | 2 Asa Cx Context-aware Security Software, Prime Security Manager | 2024-02-04 | 8.5 HIGH | 8.8 HIGH |
The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842. | |||||
CVE-2016-3165 | 1 Drupal | 1 Drupal | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-side form definition. | |||||
CVE-2016-2820 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element. | |||||
CVE-2016-3878 | 1 Google | 1 Android | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002. | |||||
CVE-2015-5746 | 1 Apple | 1 Iphone Os | 2024-02-04 | 5.0 MEDIUM | N/A |
AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. | |||||
CVE-2015-1541 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | N/A |
The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745. | |||||
CVE-2015-8679 | 1 Huawei | 4 Mate S, Mate S Firmware, P8 and 1 more | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allow attackers to cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access. | |||||
CVE-2016-1844 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. | |||||
CVE-2016-5608 | 1 Oracle | 1 Vm Virtualbox | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613. | |||||
CVE-2016-5101 | 2 Microsoft, Opera | 2 Windows, Opera Mail | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message. | |||||
CVE-2016-3276 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 2.6 LOW | 3.1 LOW |
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | |||||
CVE-2016-0182 | 1 Microsoft | 5 Windows 10, Windows 7, Windows 8.1 and 2 more | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal (aka .jnt) file, aka "Windows Journal Memory Corruption Vulnerability." | |||||
CVE-2016-6690 | 1 Google | 1 Android | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
The sound driver in the kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Nexus Player devices allows attackers to cause a denial of service (reboot) via a crafted application, aka internal bug 28838221. | |||||
CVE-2015-7184 | 1 Mozilla | 1 Firefox | 2024-02-04 | 6.8 MEDIUM | N/A |
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
CVE-2016-1658 | 4 Debian, Google, Novell and 1 more | 4 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 1 more | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. | |||||
CVE-2016-2354 | 1 Lemurmonitors | 1 Bluedriver | 2024-02-04 | 8.0 HIGH | 8.8 HIGH |
The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering. |