Total
241118 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1790 | 1 Apple | 1 Iphone Os | 2024-02-04 | 4.3 MEDIUM | 3.3 LOW |
| Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||||
| CVE-2016-2863 | 1 Ibm | 1 Websphere Commerce | 2024-02-04 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2014-9875 | 1 Google | 1 Android | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310. | |||||
| CVE-2016-2089 | 1 Jasper Project | 1 Jasper | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. | |||||
| CVE-2015-6128 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2024-02-04 | 7.2 HIGH | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability." | |||||
| CVE-2016-3419 | 1 Oracle | 1 Solaris Operating System | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem. | |||||
| CVE-2015-5562 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2024-02-04 | 10.0 HIGH | N/A |
| Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-5554, CVE-2015-5555, and CVE-2015-5558. | |||||
| CVE-2016-3258 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2024-02-04 | 1.2 LOW | 4.7 MEDIUM |
| Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka "Windows File System Security Feature Bypass." | |||||
| CVE-2015-6139 | 1 Microsoft | 2 Edge, Internet Explorer | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 11 and Microsoft Edge mishandle content types, which allows remote attackers to execute arbitrary web script in a privileged context via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability." | |||||
| CVE-2016-0524 | 1 Oracle | 1 E-business Suite | 2024-02-04 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Work Provider Administration. | |||||
| CVE-2016-6288 | 1 Php | 1 Php | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type. | |||||
| CVE-2015-1904 | 1 Ibm | 1 Business Process Manager | 2024-02-04 | 3.5 LOW | N/A |
| IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action. | |||||
| CVE-2015-4094 | 1 Thycotic | 1 Secret Server | 2024-02-04 | 5.8 MEDIUM | N/A |
| The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-0718 | 1 Cisco | 3 Nx-os, Nx-os 1000v Switch, Unified Computing System | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. | |||||
| CVE-2016-1562 | 1 Dte Energy | 1 Insight | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter. | |||||
| CVE-2016-5488 | 1 Oracle | 1 Weblogic Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-3445. | |||||
| CVE-2016-1459 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-04 | 4.9 MEDIUM | 5.3 MEDIUM |
| Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061. | |||||
| CVE-2016-1959 | 1 Mozilla | 1 Firefox | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API. | |||||
| CVE-2015-2918 | 1 Orientdb | 1 Orientdb | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2015-3046 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2024-02-04 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. | |||||