Search
Total
9231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3920 | 1 Google | 1 Android | 2016-11-28 | 7.1 HIGH | 5.5 MEDIUM |
| id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 30744884. | |||||
| CVE-2016-3830 | 1 Google | 1 Android | 2016-11-28 | 7.1 HIGH | 5.5 MEDIUM |
| codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599. | |||||
| CVE-2016-3831 | 1 Google | 1 Android | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled by the system clock, aka internal bug 29083635, related to a "Year 2038 problem." | |||||
| CVE-2016-3826 | 1 Google | 1 Android | 2016-11-28 | 4.6 MEDIUM | 7.8 HIGH |
| services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted application, aka internal bug 29251553. | |||||
| CVE-2016-3082 | 1 Apache | 1 Struts | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
| XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter. | |||||
| CVE-2016-3093 | 2 Apache, Ognl Project | 2 Struts, Ognl | 2016-11-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors. | |||||
| CVE-2016-3000 | 1 Ibm | 1 Connections | 2016-11-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to cause a denial of service (service degradation) via a crafted URL. | |||||
| CVE-2016-2390 | 1 Squid-cache | 1 Squid | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message. | |||||
| CVE-2016-1441 | 1 Cisco | 1 Cloud Network Automation Provisioner | 2016-11-28 | 6.4 MEDIUM | 8.2 HIGH |
| Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145. | |||||
| CVE-2016-0815 | 1 Google | 1 Android | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
| The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. | |||||
| CVE-2015-8899 | 2 Canonical, Thekelleys | 2 Ubuntu Linux, Dnsmasq | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. | |||||
| CVE-2015-8265 | 1 Huawei | 4 E5151, E5151 Firmware, E5186 and 1 more | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors. | |||||
| CVE-2015-7931 | 1 Adcon | 1 A840 Telemetry Gateway Base Station Firmware | 2016-11-28 | 5.8 MEDIUM | 8.7 HIGH |
| The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. | |||||
| CVE-2015-8019 | 1 Linux | 1 Linux Kernel | 2016-11-28 | 7.2 HIGH | 7.8 HIGH |
| The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call. | |||||
| CVE-2015-8040 | 1 Samsung | 1 Smartviewer | 2016-11-28 | 6.8 MEDIUM | N/A |
| The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value. | |||||
| CVE-2015-7282 | 1 Readynet Solutions | 2 Wrt300n-dd, Wrt300n-dd Firmware | 2016-11-28 | 4.3 MEDIUM | 5.8 MEDIUM |
| ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port. | |||||
| CVE-2015-6934 | 1 Vmware | 2 Vcenter Orchestrator, Vrealize Orchestrator | 2016-11-28 | 7.5 HIGH | 7.3 HIGH |
| Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | |||||
| CVE-2015-6426 | 1 Cisco | 1 Prime Network Services Controller | 2016-11-28 | 7.2 HIGH | N/A |
| Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427. | |||||
| CVE-2015-2822 | 1 Siemens | 1 Wincc | 2016-11-28 | 4.3 MEDIUM | N/A |
| Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. | |||||
| CVE-2015-0701 | 1 Cisco | 1 Unified Computing System Central Software | 2016-11-28 | 10.0 HIGH | N/A |
| Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. | |||||
| CVE-2014-9886 | 1 Google | 1 Android | 2016-11-28 | 6.8 MEDIUM | 7.8 HIGH |
| arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030. | |||||
| CVE-2014-9864 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841. | |||||
| CVE-2014-9866 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
| drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358. | |||||
| CVE-2014-9872 | 1 Google | 1 Android | 2016-11-28 | 6.8 MEDIUM | 7.8 HIGH |
| The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721. | |||||
| CVE-2014-9884 | 1 Google | 1 Android | 2016-11-28 | 6.8 MEDIUM | 7.8 HIGH |
| drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740. | |||||
| CVE-2014-9889 | 1 Google | 1 Android | 2016-11-28 | 6.8 MEDIUM | 7.8 HIGH |
| drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712. | |||||
| CVE-2014-7142 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Solaris, Squid | 2016-11-28 | 6.4 MEDIUM | N/A |
| The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. | |||||
| CVE-2014-3480 | 2 Christos Zoulas, Php | 2 File, Php | 2016-11-28 | 4.3 MEDIUM | N/A |
| The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. | |||||
| CVE-2014-3487 | 2 Christos Zoulas, Php | 2 File, Php | 2016-11-28 | 4.3 MEDIUM | N/A |
| The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. | |||||
| CVE-2014-2360 | 1 Oleumtech | 2 Sensor Wireless I\/o Module, Wio Dh2 Wireless Gateway | 2016-11-28 | 7.5 HIGH | N/A |
| OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage. | |||||
| CVE-2013-4248 | 3 Canonical, Php, Redhat | 3 Ubuntu Linux, Php, Enterprise Linux | 2016-11-28 | 4.3 MEDIUM | N/A |
| The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2013-6444 | 1 Pywbem Project | 1 Pywbem | 2016-11-28 | 5.8 MEDIUM | N/A |
| PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2013-6418 | 1 Pywbem Project | 1 Pywbem | 2016-11-28 | 5.8 MEDIUM | N/A |
| PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate. | |||||
| CVE-2012-5643 | 1 Squid-cache | 1 Squid | 2016-11-28 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. | |||||
| CVE-2010-2252 | 1 Gnu | 1 Wget | 2016-11-28 | 6.8 MEDIUM | N/A |
| GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. | |||||
| CVE-2009-1436 | 1 Freebsd | 1 Freebsd | 2016-11-28 | 4.9 MEDIUM | N/A |
| The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file. | |||||
| CVE-2005-1787 | 1 Phpstat | 1 Phpstat | 2016-11-25 | 7.5 HIGH | N/A |
| setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable. | |||||
| CVE-2016-2996 | 1 Ibm | 1 Security Privileged Identity Manager | 2016-11-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, allows remote authenticated users to append to arbitrary files via unspecified vectors. | |||||
| CVE-2006-6943 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-11-18 | 5.0 MEDIUM | N/A |
| PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php. | |||||
| CVE-2010-2598 | 1 Redhat | 1 Enterprise Linux | 2016-11-08 | 4.3 MEDIUM | N/A |
| LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input." | |||||
| CVE-2013-1431 | 1 Simon Mcvittie | 1 Telepathy Gabble | 2016-11-08 | 6.8 MEDIUM | N/A |
| The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks. | |||||
| CVE-2016-8869 | 1 Joomla | 1 Joomla\! | 2016-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. | |||||
| CVE-2000-0400 | 1 Microsoft | 1 Internet Explorer | 2016-11-07 | 7.5 HIGH | N/A |
| The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post. | |||||
| CVE-2013-3468 | 1 Cisco | 2 Unified Ip Phone 8945, Unified Ip Phone Firmware | 2016-11-07 | 7.8 HIGH | N/A |
| The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270. | |||||
| CVE-2013-5470 | 1 Cisco | 1 Secure Access Control System | 2016-11-04 | 5.0 MEDIUM | N/A |
| Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488. | |||||
| CVE-2013-3470 | 1 Cisco | 1 Ios Xr | 2016-11-04 | 5.0 MEDIUM | N/A |
| The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731. | |||||
| CVE-2013-6706 | 1 Cisco | 1 Ios Xe | 2016-11-02 | 5.4 MEDIUM | N/A |
| The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. | |||||
| CVE-2013-2185 | 2 Apache, Redhat | 3 Tomcat, Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform | 2016-11-01 | 7.5 HIGH | N/A |
| ** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue. | |||||
| CVE-2014-5120 | 1 Php | 1 Php | 2016-10-26 | 6.4 MEDIUM | N/A |
| gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. | |||||
| CVE-2005-1682 | 1 Solstice | 1 Solstice Internet Mail Server | 2016-10-18 | 2.1 LOW | N/A |
| ** DISPUTED ** JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products." | |||||