Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7149 | 1 B2evolution | 1 B2evolution | 2017-01-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function. | |||||
| CVE-2016-9677 | 1 Citrix | 1 Provisioning Services | 2017-01-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. | |||||
| CVE-2016-6283 | 1 Atlassian | 1 Confluence | 2017-01-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. | |||||
| CVE-2015-8790 | 1 Matroska | 1 Libebml | 2017-01-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access. | |||||
| CVE-2016-6765 | 1 Google | 1 Android | 2017-01-19 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945. | |||||
| CVE-2016-6764 | 1 Google | 1 Android | 2017-01-19 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31681434. | |||||
| CVE-2016-6769 | 1 Google | 1 Android | 2017-01-19 | 2.1 LOW | 4.6 MEDIUM |
| An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-29055171. | |||||
| CVE-2016-6767 | 1 Google | 1 Android | 2017-01-19 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4. Android ID: A-31833604. | |||||
| CVE-2016-6766 | 1 Google | 1 Android | 2017-01-19 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219. | |||||
| CVE-2016-6773 | 1 Google | 1 Android | 2017-01-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-30481714. | |||||
| CVE-2015-8667 | 1 Exponentcms | 1 Exponent Cms | 2017-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. | |||||
| CVE-2016-6763 | 1 Google | 1 Android | 2017-01-19 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31530456. | |||||
| CVE-2015-8684 | 1 Exponentcms | 1 Exponent Cms | 2017-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality. | |||||
| CVE-2016-6887 | 1 Matrixssl | 1 Matrixssl | 2017-01-19 | 4.3 MEDIUM | 5.9 MEDIUM |
| The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack. | |||||
| CVE-2016-8671 | 1 Matrixssl | 1 Matrixssl | 2017-01-19 | 4.3 MEDIUM | 5.9 MEDIUM |
| The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887. | |||||
| CVE-2016-8404 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 4.3 MEDIUM | 4.7 MEDIUM |
| An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496950. | |||||
| CVE-2016-8403 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 4.3 MEDIUM | 4.7 MEDIUM |
| An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495348. | |||||
| CVE-2016-8406 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 4.3 MEDIUM | 4.7 MEDIUM |
| An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796940. | |||||
| CVE-2016-8408 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496571. References: N-CVE-2016-8408. | |||||
| CVE-2016-8409 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495687. References: N-CVE-2016-8409. | |||||
| CVE-2016-8407 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 4.3 MEDIUM | 4.7 MEDIUM |
| An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31802656. | |||||
| CVE-2016-8410 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31498403. References: QC-CR#987010. | |||||
| CVE-2016-5737 | 1 Openstack | 1 Puppet-gerrit | 2017-01-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review. | |||||
| CVE-2016-8402 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 4.3 MEDIUM | 4.7 MEDIUM |
| An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495231. | |||||
| CVE-2016-8401 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 4.3 MEDIUM | 4.7 MEDIUM |
| An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31494725. | |||||
| CVE-2017-0396 | 1 Google | 1 Android | 2017-01-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965. | |||||
| CVE-2017-0397 | 1 Google | 1 Android | 2017-01-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32377688. | |||||
| CVE-2016-8605 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2017-01-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. | |||||
| CVE-2017-0398 | 1 Google | 1 Android | 2017-01-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664. | |||||
| CVE-2016-5009 | 1 Redhat | 7 Ceph, Ceph Storage Mon, Ceph Storage Osd and 4 more | 2017-01-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. | |||||
| CVE-2017-0388 | 1 Google | 1 Android | 2017-01-18 | 2.1 LOW | 5.5 MEDIUM |
| An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32523490. | |||||
| CVE-2016-8467 | 1 Google | 1 Android | 2017-01-18 | 4.9 MEDIUM | 5.5 MEDIUM |
| An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784. | |||||
| CVE-2016-8472 | 1 Google | 1 Android | 2017-01-18 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31531758. References: MT-ALPS02961384. | |||||
| CVE-2016-8006 | 1 Mcafee | 1 Security Information And Event Management | 2017-01-18 | 1.7 LOW | 4.4 MEDIUM |
| Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an administrator to make changes to other SIEM users' information including user passwords without supplying the current administrator password a second time via the GUI or GUI terminal commands. | |||||
| CVE-2016-8471 | 1 Google | 1 Android | 2017-01-18 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528890. References: MT-ALPS02961380. | |||||
| CVE-2017-2947 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-01-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF). | |||||
| CVE-2016-8396 | 1 Google | 1 Android | 2017-01-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-31249105. | |||||
| CVE-2016-8460 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-31668540. References: N-CVE-2016-8460. | |||||
| CVE-2016-8461 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: Kernel-3.18. Android ID: A-32369621. | |||||
| CVE-2016-8462 | 1 Google | 1 Android | 2017-01-18 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383. | |||||
| CVE-2016-8473 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31795790. | |||||
| CVE-2016-8474 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the STMicroelectronics driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31799972. | |||||
| CVE-2016-8475 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32591129. | |||||
| CVE-2016-8470 | 1 Google | 1 Android | 2017-01-18 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395. | |||||
| CVE-2016-8463 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in the Qualcomm FUSE file system could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30786860. References: QC-CR#586855. | |||||
| CVE-2016-8469 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in the camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31351206. References: N-CVE-2016-8469. | |||||
| CVE-2016-7916 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 4.7 MEDIUM | 5.5 MEDIUM |
| Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. | |||||
| CVE-2016-6678 | 1 Google | 1 Android | 2017-01-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 29914434. | |||||
| CVE-2016-6774 | 1 Google | 1 Android | 2017-01-18 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489. | |||||
| CVE-2016-6756 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 2.6 LOW | 4.7 MEDIUM |
| An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29464815. References: QC-CR#1042068. | |||||