Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8518 | 1 Hp | 1 Systems Insight Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.
|
|||||
| CVE-2016-8516 | 1 Hp | 1 Systems Insight Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found.
|
|||||
| CVE-2016-6813 | 1 Apache | 1 Cloudstack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.
|
|||||
| CVE-2016-5194 | 1 Google | 1 Chrome | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.
|
|||||
| CVE-2016-4606 | 2 Apple, Haxx | 2 Mac Os X, Curl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
|
|||||
| CVE-2016-4427 | 1 Zulip | 1 Zulip | 2024-11-21 | N/A | 7.5 HIGH |
|
In zulip before 1.3.12, deactivated users could access messages if SSO was enabled.
|
|||||
| CVE-2016-4426 | 1 Zulip | 1 Zulip | 2024-11-21 | N/A | 4.3 MEDIUM |
|
In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.
|
|||||
| CVE-2016-20010 | 1 Ewww | 1 Image Optimizer | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5.
|
|||||
| CVE-2016-20006 | 1 Rest\/json Project | 1 Rest\/json | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.
|
|||||
| CVE-2016-1239 | 1 Debian | 1 Duck | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
duck before 0.10 did not properly handle loading of untrusted code from the current directory.
|
|||||
| CVE-2016-1203 | 2 Microsoft, Saat | 3 Windows, Netizen, Netizen Installer | 2024-11-21 | N/A | 8.1 HIGH |
|
Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed.
|
|||||
| CVE-2016-15024 | 1 Doomsider Shadow Project | 1 Doomsider Shadow | 2024-11-21 | 1.0 LOW | 2.5 LOW |
|
A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 3332c5ba9ec3014ddc74e2147190a050eee97bc0 ...
Show More |
|||||
| CVE-2016-11060 | 1 Netgear | 8 Fvs318g, Fvs318g Firmware, Fvs318n and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Certain NETGEAR devices are affected by insecure renegotiation. This affects SRX5308 before 2017-02-10, FVS336Gv3 before 2017-02-10, FVS318N before 2017-02-10, and FVS318Gv2 before 2017-02-10.
|
|||||
| CVE-2016-11056 | 1 Netgear | 1 Readynas Surveillance | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier.
|
|||||
| CVE-2016-11050 | 1 Samsung | 10 Note2, Note2 Firmware, Note3 and 7 more | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM |
|
An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016).
|
|||||
| CVE-2016-11049 | 1 Google | 1 Android | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IMEI may be retrieved and modified because of an error in managing key information. The Samsung ID is SVE-2016-5435 (March 2016).
|
|||||
| CVE-2016-10471 | 1 Qualcomm | 16 Sd 425, Sd 425 Firmware, Sd 430 and 13 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, an unsigned RTIC health report susceptible to tampering by malware executing in the context of the HLOS may be requested.
|
|||||
| CVE-2016-10424 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9650 and 45 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 820A, SD 835, SD 845, and SD 850, upgrading LibPNG from 1.6.12 to 1.6.21 fixes multiple issues with different CWEs.
|
|||||
| CVE-2015-9551 | 1 Totolink | 16 A850r-v1, A850r-v1 Firmware, F1-v2 and 13 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter.
|
|||||
| CVE-2015-9217 | 1 Qualcomm | 48 Msm8909w, Msm8909w Firmware, Sd 205 and 45 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, certain malformed HVEC clips could cause an assertion to fail.
|
|||||
| CVE-2015-9216 | 1 Qualcomm | 44 Mdm9206, Mdm9206 Firmware, Mdm9607 and 41 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, and SD 810, improper handling of simultaneous interrupt in USB module during USB RESET and EP COMPLETE.
|
|||||
| CVE-2015-4952 | 1 Ibm | 1 Endpoint Manager For Remote Control | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196.
|
|||||
| CVE-2015-3641 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack.
|
|||||
| CVE-2015-3159 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.
|
|||||
| CVE-2015-2929 | 1 Torproject | 1 Tor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor.
|
|||||
| CVE-2015-2928 | 1 Torproject | 1 Tor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors.
|
|||||
| CVE-2015-2179 | 1 Xaviershay-dm-rails Porject | 1 Xaviershay-dm-rails | 2024-11-21 | N/A | 5.5 MEDIUM |
|
The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments.
|
|||||
| CVE-2015-10085 | 1 Gopistolet Project | 1 Gopistolet | 2024-11-21 | 2.7 LOW | 3.5 LOW |
|
A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this v ...
Show More |
|||||
| CVE-2015-10002 | 1 Kiddoware | 1 Kids Place | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
|
A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is recommended to upgrade the affected component.
|
|||||
| CVE-2014-9908 | 1 Google | 1 Android | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooh access (Android Bug ID A-28672558).
|
|||||
| CVE-2014-9530 | 1 Nwjs | 1 Nw | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact.
|
|||||
| CVE-2014-6059 | 1 Vasyltech | 1 Advanced Access Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability
|
|||||
| CVE-2014-5329 | 1 Tripodworks | 6 Gigapod 2010, Gigapod 2010 Firmware, Gigapod 3 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
|
GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation.
8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition.
|
|||||
| CVE-2014-5278 | 1 Docker | 1 Docker | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.
|
|||||
| CVE-2014-5013 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.
|
|||||
| CVE-2014-5012 | 1 Dompdf Project | 1 Dompdf | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
DOMPDF before 0.6.2 allows denial of service.
|
|||||
| CVE-2014-4968 | 1 Boatmob | 1 Boat Browser | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web site, a related issue to CVE-2012-6636.
|
|||||
| CVE-2014-3979 | 1 Bytemark | 1 Symbiosis | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP.
|
|||||
| CVE-2014-3539 | 1 Rope Project | 1 Rope | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.
|
|||||
| CVE-2014-125102 | 1 Bestwebsoft | 1 Relevant | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The identifier of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 ...
Show More |
|||||