Total
237005 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7758 | 2 Gummi Project, Opensuse | 3 Gummi, Leap, Opensuse | 2024-02-04 | 2.1 LOW | 3.3 LOW |
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. | |||||
CVE-2015-2906 | 1 Mobile Devices | 1 C4 Obd-ii Dongle Firmware | 2024-02-04 | 9.0 HIGH | N/A |
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation. | |||||
CVE-2015-2302 | 2024-02-04 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6405. Reason: This candidate is a reservation duplicate of CVE-2014-6405. Notes: All CVE users should reference CVE-2014-6405 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2015-7290 | 1 Arris | 4 Dg860a, Na Model 862 Gw Mono Firmware, Tg862a and 1 more | 2024-02-04 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via the pwd parameter. | |||||
CVE-2016-0889 | 1 Dell | 1 Emc Unisphere | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname. | |||||
CVE-2015-4784 | 1 Oracle | 1 Berkeley Db | 2024-02-04 | 6.9 MEDIUM | N/A |
Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and CVE-2015-4790. | |||||
CVE-2015-4252 | 1 Cisco | 1 Telepresence Isdn Gw 3241 | 2024-02-04 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ISDN Gateway devices with software 2.2(1.106) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90724. | |||||
CVE-2016-0019 | 1 Microsoft | 1 Windows 10 | 2024-02-04 | 9.3 HIGH | 8.1 HIGH |
The Remote Desktop Protocol (RDP) service implementation in Microsoft Windows 10 Gold and 1511 allows remote attackers to bypass intended access restrictions and establish sessions for blank-password accounts via a modified RDP client, aka "Windows Remote Desktop Protocol Security Bypass Vulnerability." | |||||
CVE-2016-0793 | 2 Microsoft, Redhat | 2 Windows, Jboss Wildfly Application Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters. | |||||
CVE-2015-4590 | 1 Arduino Json Project | 1 Arduino Json | 2024-02-04 | 5.0 MEDIUM | N/A |
The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by "\\\0", which triggers a buffer overflow and over-read. | |||||
CVE-2016-3205 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2024-02-04 | 7.6 HIGH | 7.5 HIGH |
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3206 and CVE-2016-3207. | |||||
CVE-2015-7456 | 1 Ibm | 1 Spectrum Scale | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors. | |||||
CVE-2016-0277 | 1 Ibm | 1 Domino | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301. | |||||
CVE-2016-2024 | 1 Hp | 2 Insight Contol, Server Migration Package | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
HPE Insight Control before 7.5.1 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | |||||
CVE-2016-1678 | 6 Canonical, Debian, Google and 3 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. | |||||
CVE-2015-6549 | 1 Symantec | 1 Netbackup Opscenter | 2024-02-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-6856 | 1 Dell | 1 Pre-boot Authentication Driver | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call. | |||||
CVE-2016-0357 | 1 Ibm | 1 Security Identity Manager Adapter | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
CVE-2016-8331 | 1 Libtiff | 1 Libtiff | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality. | |||||
CVE-2016-5395 | 1 Apache | 1 Ranger | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies. |