Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3664 | 1 Trend Micro | 1 Mobile Security | 2016-05-25 | 5.8 MEDIUM | 7.4 HIGH |
| Trend Micro Mobile Security for iOS before 3.2.1188 does not verify the X.509 certificate of the mobile application login server, which allows man-in-the-middle attackers to spoof this server and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-4087 | 1 Huawei | 4 S12700, S12700 Firmware, S5700 and 1 more | 2016-05-25 | 5.1 MEDIUM | 8.1 HIGH |
| Huawei S12700 switches with software before V200R008C00SPC500 and S5700 switches with software before V200R005SPH010, when the debug switch is enabled, allows remote attackers to cause a denial of service or execute arbitrary code via crafted DNS packets. | |||||
| CVE-2016-4568 | 1 Linux | 1 Linux Kernel | 2016-05-24 | 7.2 HIGH | 7.8 HIGH |
| drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call. | |||||
| CVE-2015-7557 | 1 Gnome | 1 Librsvg | 2016-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document. | |||||
| CVE-2016-2536 | 2 Google, Sap | 2 Sketchup, 3d Visual Enterprise Viewer | 2016-05-20 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be SketchUp. | |||||
| CVE-2016-4425 | 1 Jansson Project | 1 Jansson | 2016-05-19 | 5.0 MEDIUM | 7.5 HIGH |
| Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data. | |||||
| CVE-2016-0341 | 1 Ibm | 2 B2b Advanced Communications, Multi-enterprise Integration Gateway | 2016-05-19 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 through 1.0.0.4 do not require HTTPS, which might allow remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2016-1208 | 2 Apple, Filemaker | 2 Mac Os X, Filemaker | 2016-05-19 | 5.0 MEDIUM | 7.5 HIGH |
| The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. | |||||
| CVE-2015-8156 | 1 Symantec | 1 Endpoint Encryption | 2016-05-18 | 7.2 HIGH | 7.8 HIGH |
| Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | |||||
| CVE-2015-8106 | 2 Fedoraproject, Latex2rtf Project | 2 Fedora, Latex2rtf | 2016-05-18 | 9.3 HIGH | 7.8 HIGH |
| Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file. | |||||
| CVE-2016-3628 | 1 Tibco | 3 Enterprise Message Service, Enterprise Message Service Appliance, Enterprise Message Service Appliance Firmware | 2016-05-18 | 6.5 MEDIUM | 8.8 HIGH |
| Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data. | |||||
| CVE-2014-0236 | 1 Php | 1 Php | 2016-05-18 | 5.0 MEDIUM | 7.5 HIGH |
| file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c. | |||||
| CVE-2016-2456 | 1 Google | 2 Android, Android One | 2016-05-16 | 5.1 MEDIUM | 7.0 HIGH |
| The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187. | |||||
| CVE-2015-5726 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2016-05-16 | 5.0 MEDIUM | 7.5 HIGH |
| The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data. | |||||
| CVE-2014-9742 | 1 Botan Project | 1 Botan | 2016-05-16 | 5.0 MEDIUM | 7.5 HIGH |
| The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group. | |||||
| CVE-2016-2060 | 1 Google | 1 Android | 2016-05-16 | 9.3 HIGH | 7.8 HIGH |
| server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application. | |||||
| CVE-2015-5727 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2016-05-13 | 7.8 HIGH | 7.5 HIGH |
| The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. | |||||
| CVE-2016-2461 | 1 Google | 1 Android | 2016-05-10 | 7.6 HIGH | 7.0 HIGH |
| OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681. | |||||
| CVE-2016-2462 | 1 Google | 1 Android | 2016-05-10 | 7.6 HIGH | 7.0 HIGH |
| OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173. | |||||
| CVE-2016-2439 | 1 Google | 1 Android | 2016-05-10 | 5.4 MEDIUM | 8.8 HIGH |
| Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows remote attackers to execute arbitrary code via a long PIN value, aka internal bug 27411268. | |||||
| CVE-2016-2449 | 1 Google | 1 Android | 2016-05-10 | 9.3 HIGH | 7.8 HIGH |
| services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27568958. | |||||
| CVE-2016-2448 | 1 Google | 1 Android | 2016-05-10 | 9.3 HIGH | 7.8 HIGH |
| media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27533704. | |||||
| CVE-2016-2452 | 1 Google | 1 Android | 2016-05-10 | 9.3 HIGH | 7.8 HIGH |
| codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 27662364 and 27843673. | |||||
| CVE-2016-2440 | 1 Google | 1 Android | 2016-05-10 | 9.3 HIGH | 7.8 HIGH |
| libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896. | |||||
| CVE-2016-2430 | 1 Google | 1 Android | 2016-05-10 | 9.3 HIGH | 7.8 HIGH |
| libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236. | |||||
| CVE-2016-2450 | 1 Google | 1 Android | 2016-05-10 | 9.3 HIGH | 7.8 HIGH |
| codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27569635. | |||||
| CVE-2016-2451 | 1 Google | 1 Android | 2016-05-10 | 9.3 HIGH | 7.8 HIGH |
| codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27597103. | |||||
| CVE-2016-2353 | 1 Accellion | 1 File Transfer Appliance | 2016-05-10 | 7.2 HIGH | 7.8 HIGH |
| The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors. | |||||
| CVE-2016-4535 | 1 Mcafee | 1 Livesafe | 2016-05-10 | 7.8 HIGH | 7.5 HIGH |
| Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable. | |||||
| CVE-2016-2094 | 1 Jboss | 1 Enterprise Application Platform | 2016-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability. | |||||
| CVE-2016-1368 | 1 Cisco | 1 Firesight System Software | 2016-05-09 | 7.8 HIGH | 7.5 HIGH |
| Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of service (packet-processing outage) via crafted packets, aka Bug ID CSCuu86214. | |||||
| CVE-2016-2432 | 1 Google | 4 Android, Nexus 5, Nexus 6 and 1 more | 2016-05-09 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059. | |||||
| CVE-2016-2437 | 1 Google | 2 Android, Nexus 9 | 2016-05-09 | 9.3 HIGH | 7.8 HIGH |
| The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27436822. | |||||
| CVE-2016-2445 | 1 Google | 2 Android, Nexus 9 | 2016-05-09 | 7.6 HIGH | 7.0 HIGH |
| The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079. | |||||
| CVE-2016-2453 | 1 Google | 2 Android, Android One | 2016-05-09 | 7.6 HIGH | 7.0 HIGH |
| The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27549705. | |||||
| CVE-2016-2435 | 1 Google | 2 Android, Nexus 9 | 2016-05-09 | 9.3 HIGH | 7.8 HIGH |
| The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27297988. | |||||
| CVE-2016-2444 | 1 Google | 2 Android, Nexus 9 | 2016-05-09 | 7.6 HIGH | 7.0 HIGH |
| The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332. | |||||
| CVE-2016-2443 | 1 Google | 3 Android, Nexus 5, Nexus 7 \(2013\) | 2016-05-09 | 7.6 HIGH | 7.0 HIGH |
| The Qualcomm MDP driver in Android before 2016-05-01 on Nexus 5 and Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 26404525. | |||||
| CVE-2016-2436 | 1 Google | 2 Android, Nexus 9 | 2016-05-09 | 9.3 HIGH | 7.8 HIGH |
| The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27299111. | |||||
| CVE-2016-2352 | 1 Accellion | 1 File Transfer Appliance | 2016-05-09 | 6.5 MEDIUM | 8.8 HIGH |
| The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role. | |||||
| CVE-2016-3171 | 3 Debian, Drupal, Php | 3 Debian Linux, Drupal, Php | 2016-05-09 | 6.8 MEDIUM | 8.1 HIGH |
| Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation. | |||||
| CVE-2016-0863 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2016-05-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2016-2280 | 1 Honeywell | 1 Uniformance Process History Database | 2016-05-06 | 7.8 HIGH | 7.5 HIGH |
| Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors. | |||||
| CVE-2016-2070 | 1 Linux | 1 Linux Kernel | 2016-05-06 | 7.8 HIGH | 7.5 HIGH |
| The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic. | |||||
| CVE-2016-1202 | 1 Atom | 1 Electron | 2016-05-04 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line. | |||||
| CVE-2016-2333 | 1 Systech | 2 Syslink Sl-1000 Modular Gateway, Syslink Sl-1000 Modular Gateway Firmware | 2016-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | |||||
| CVE-2016-2332 | 1 Systech | 2 Syslink Sl-1000 Modular Gateway, Syslink Sl-1000 Modular Gateway Firmware | 2016-05-04 | 9.0 HIGH | 8.8 HIGH |
| flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter. | |||||
| CVE-2016-2346 | 1 Allroundautomations | 1 Pl\/sql Developer | 2016-05-04 | 6.8 MEDIUM | 8.1 HIGH |
| Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream. | |||||
| CVE-2016-4349 | 1 Cisco | 1 Webex Productivity Tools | 2016-05-04 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Cisco WebEx Productivity Tools 2.40.5001.10012 allows local users to gain privileges via a Trojan horse cryptsp.dll, dwmapi.dll, msimg32.dll, ntmarta.dll, propsys.dll, riched20.dll, rpcrtremote.dll, secur32.dll, sxs.dll, or uxtheme.dll file in the current working directory, aka Bug ID CSCuy56140. | |||||
| CVE-2016-2293 | 1 Accuenergy | 4 Acuvim Ii, Acuvim Ii Net Firmware, Acuvim Iir and 1 more | 2016-04-28 | 7.5 HIGH | 8.6 HIGH |
| The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. | |||||