Total
240705 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4492 | 4 Canonical, Mozilla, Opensuse and 1 more | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object. | |||||
CVE-2015-8920 | 3 Canonical, Libarchive, Novell | 5 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 2 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. | |||||
CVE-2016-8502 | 1 Yandex | 1 Yandex Browser | 2024-02-04 | 5.0 MEDIUM | 7.3 HIGH |
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | |||||
CVE-2016-3377 | 1 Microsoft | 1 Edge | 2024-02-04 | 7.6 HIGH | 7.5 HIGH |
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3350. | |||||
CVE-2015-6641 | 1 Google | 1 Android | 2024-02-04 | 2.9 LOW | 3.1 LOW |
Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. | |||||
CVE-2015-8561 | 1 Schneider-electric | 1 Proclima | 2024-02-04 | 6.8 MEDIUM | N/A |
The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918. | |||||
CVE-2015-6113 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-02-04 | 2.1 LOW | N/A |
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass intended filesystem permissions by leveraging Low Integrity access, aka "Windows Kernel Security Feature Bypass Vulnerability." | |||||
CVE-2015-7435 | 1 Ibm | 1 Tivoli Common Reporting | 2024-02-04 | 1.9 LOW | 2.5 LOW |
IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field. | |||||
CVE-2015-7441 | 1 Ibm | 2 Business Process Manager, Websphere Process Server | 2024-02-04 | 4.9 MEDIUM | 6.8 MEDIUM |
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||||
CVE-2016-4733 | 1 Apple | 3 Iphone Os, Safari, Tvos | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735. | |||||
CVE-2015-2655 | 1 Oracle | 1 Database Server | 2024-02-04 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.3.00.08 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
CVE-2016-6825 | 1 Huawei | 12 Rh1288 V3 Server, Rh1288 V3 Server Firmware, Rh2288 V3 Server and 9 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms." | |||||
CVE-2016-0058 | 1 Microsoft | 3 Windows 10, Windows 8.1, Windows Server 2012 | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted PDF document that triggers API calls, aka "Microsoft PDF Library Buffer Overflow Vulnerability." | |||||
CVE-2016-6643 | 1 Emc | 1 Vipr Srm | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2016-3771 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29007611 and MediaTek internal bug ALPS02703102. | |||||
CVE-2015-2605 | 1 Oracle | 1 Fusion Middleware | 2024-02-04 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2606, and CVE-2015-4745. | |||||
CVE-2016-0928 | 1 Pivotal | 1 Cloud Foundry Elastic Runtime | 2024-02-04 | 5.8 MEDIUM | 7.4 HIGH |
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2015-6106 | 1 Microsoft | 7 Live Meeting, Lync, Office and 4 more | 2024-02-04 | 9.3 HIGH | N/A |
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability." | |||||
CVE-2016-4998 | 3 Canonical, Linux, Oracle | 3 Ubuntu Linux, Linux Kernel, Linux | 2024-02-04 | 5.6 MEDIUM | 7.1 HIGH |
The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary. | |||||
CVE-2015-7312 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-04 | 4.4 MEDIUM | N/A |
Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c. |