Total: 238403 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4499 | 1 Mozilla | 1 Bugzilla | 2024-02-04 | 7.5 HIGH | N/A |
Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address. | |||||
CVE-2015-2807 | 1 Documentcloud | 1 Navis Documentcloud | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. | |||||
CVE-2015-8597 | 1 Bluecoat | 2 Advanced Secure Gateway, Proxysg | 2024-02-04 | 5.8 MEDIUM | 7.4 HIGH |
Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%." | |||||
CVE-2016-2466 | 1 Google | 1 Android | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka internal bug 27947307. | |||||
CVE-2015-7809 | 1 Symfony | 1 Twig | 2024-02-04 | 6.8 MEDIUM | N/A |
The displayBlock function in Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template. | |||||
CVE-2016-0802 | 2 Apple, Google | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181. | |||||
CVE-2016-7445 | 2 Opensuse, Uclouvain | 2 Leap, Openjpeg | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. | |||||
CVE-2015-5022 | 1 Ibm | 1 B2b Advanced Communications | 2024-02-04 | 4.3 MEDIUM | N/A |
IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields. | |||||
CVE-2015-4281 | 1 Cisco | 1 Webex Meetings Server | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. | |||||
CVE-2015-4047 | 5 Canonical, Debian, F5 and 2 more | 25 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 22 more | 2024-02-04 | 7.8 HIGH | N/A |
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. | |||||
CVE-2015-2978 | 1 Webservice-dic | 1 Yoyaku | 2024-02-04 | 5.0 MEDIUM | N/A |
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation." | |||||
CVE-2016-1949 | 1 Mozilla | 1 Firefox | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file. | |||||
CVE-2015-2480 | 1 Microsoft | 1 .net Framework | 2024-02-04 | 9.3 HIGH | N/A |
The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2479 and CVE-2015-2481. | |||||
CVE-2016-6306 | 6 Canonical, Debian, Hp and 3 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. | |||||
CVE-2015-7360 | 1 Fortinet | 2 Fortisandbox, Fortisandbox Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature." | |||||
CVE-2015-4692 | 1 Linux | 1 Linux Kernel | 2024-02-04 | 4.9 MEDIUM | N/A |
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call. | |||||
CVE-2015-0765 | 1 Cisco | 1 Ons 15454 System Software | 2024-02-04 | 5.0 MEDIUM | N/A |
Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug ID CSCus57263. | |||||
CVE-2016-4641 | 1 Apple | 1 Mac Os X | 2024-02-04 | 9.3 HIGH | 7.3 HIGH |
Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion." | |||||
CVE-2016-1796 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.3 MEDIUM | 3.3 LOW |
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app. | |||||
CVE-2016-3425 | 1 Oracle | 3 Jdk, Jre, Jrockit | 2024-02-04 | 5.0 MEDIUM | 4.3 MEDIUM |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. |