Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7144 | 1 Unrealircd | 1 Unrealircd | 2017-01-20 | 6.8 MEDIUM | 8.1 HIGH |
| The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. | |||||
| CVE-2016-6283 | 1 Atlassian | 1 Confluence | 2017-01-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. | |||||
| CVE-2016-5197 | 1 Google | 1 Chrome | 2017-01-20 | 6.8 MEDIUM | 8.8 HIGH |
| The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page. | |||||
| CVE-2016-5196 | 1 Google | 1 Chrome | 2017-01-20 | 6.8 MEDIUM | 8.8 HIGH |
| The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page. | |||||
| CVE-2005-1649 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2017-01-20 | 5.0 MEDIUM | N/A |
| The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016). | |||||
| CVE-2012-4599 | 1 Mcafee | 1 Smartfilter Administration | 2017-01-20 | 10.0 HIGH | N/A |
| McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to execute arbitrary code via a crafted .war file. | |||||
| CVE-2013-0148 | 1 Faircom | 1 C-treeace | 2017-01-20 | 7.1 HIGH | N/A |
| The Data Camouflage (aka FairCom Standard Encryption) algorithm in FairCom c-treeACE does not ensure that a decryption key is needed for accessing database contents, which allows context-dependent attackers to read cleartext database records by copying a database to another system that has a certain default configuration. | |||||
| CVE-2014-2389 | 1 Blackberry | 2 Blackberry Os, Blackberry Z10 | 2017-01-20 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in a certain decryption function in qconnDoor on BlackBerry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless network. | |||||
| CVE-2014-9909 | 1 Google | 1 Android | 2017-01-20 | 9.3 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684. | |||||
| CVE-2014-9910 | 1 Google | 1 Android | 2017-01-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710. | |||||
| CVE-2015-5119 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2017-01-20 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. | |||||
| CVE-2015-7872 | 1 Linux | 1 Linux Kernel | 2017-01-20 | 2.1 LOW | N/A |
| The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. | |||||
| CVE-2015-8789 | 1 Matroska | 1 Libebml | 2017-01-20 | 9.3 HIGH | 9.6 CRITICAL |
| Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document. | |||||
| CVE-2015-8790 | 1 Matroska | 1 Libebml | 2017-01-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which triggers an invalid memory access. | |||||
| CVE-2016-1514 | 2017-01-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8790. Reason: This candidate is a reservation duplicate of CVE-2015-8790. Notes: All CVE users should reference CVE-2015-8790 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-1515 | 2017-01-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8789. Reason: This candidate is a reservation duplicate of CVE-2015-8789. Notes: All CVE users should reference CVE-2015-8789 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-3128 | 1 Blackberry | 1 Enterprise Service | 2017-01-20 | 6.4 MEDIUM | 8.2 HIGH |
| A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES. | |||||
| CVE-2016-6772 | 1 Google | 1 Android | 2017-01-20 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351. | |||||
| CVE-2016-7382 | 1 Nvidia | 60 Geforce 910m, Geforce 920m, Geforce 920mx and 57 more | 2017-01-20 | 7.2 HIGH | 7.8 HIGH |
| For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) handler where a missing permissions check may allow users to gain access to arbitrary physical memory, leading to an escalation of privileges. | |||||
| CVE-2016-4806 | 1 Web2py | 1 Web2py | 2017-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. | |||||
| CVE-2016-4808 | 1 Web2py | 1 Web2py | 2017-01-19 | 6.8 MEDIUM | 8.8 HIGH |
| Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim. | |||||
| CVE-2016-6758 | 1 Linux | 1 Linux Kernel | 2017-01-19 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731. | |||||
| CVE-2016-6759 | 1 Linux | 1 Linux Kernel | 2017-01-19 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29982686. References: QC-CR#1055766. | |||||
| CVE-2016-6760 | 1 Linux | 1 Linux Kernel | 2017-01-19 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783. | |||||
| CVE-2016-6761 | 1 Linux | 1 Linux Kernel | 2017-01-19 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29421682. References: QC-CR#1055792. | |||||
| CVE-2016-6762 | 1 Google | 1 Android | 2017-01-19 | 6.8 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31251826. | |||||
| CVE-2016-6764 | 1 Google | 1 Android | 2017-01-19 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31681434. | |||||
| CVE-2016-6765 | 1 Google | 1 Android | 2017-01-19 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945. | |||||
| CVE-2016-6766 | 1 Google | 1 Android | 2017-01-19 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219. | |||||
| CVE-2016-6767 | 1 Google | 1 Android | 2017-01-19 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4. Android ID: A-31833604. | |||||
| CVE-2016-6768 | 1 Google | 1 Android | 2017-01-19 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31631842. | |||||
| CVE-2016-6769 | 1 Google | 1 Android | 2017-01-19 | 2.1 LOW | 4.6 MEDIUM |
| An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-29055171. | |||||
| CVE-2016-6770 | 1 Google | 1 Android | 2017-01-19 | 4.3 MEDIUM | 3.3 LOW |
| An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228. | |||||
| CVE-2016-6773 | 1 Google | 1 Android | 2017-01-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-30481714. | |||||
| CVE-2016-8221 | 1 Lenovo | 1 Xclarity Administrator | 2017-01-19 | 1.9 LOW | 7.0 HIGH |
| Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code. | |||||
| CVE-2015-8667 | 1 Exponentcms | 1 Exponent Cms | 2017-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. | |||||
| CVE-2016-6782 | 1 Linux | 1 Linux Kernel | 2017-01-19 | 9.3 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506. | |||||
| CVE-2016-6781 | 1 Linux | 1 Linux Kernel | 2017-01-19 | 9.3 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31095175. References: MT-ALPS02943455. | |||||
| CVE-2016-6763 | 1 Google | 1 Android | 2017-01-19 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31530456. | |||||
| CVE-2016-6780 | 1 Linux | 1 Linux Kernel | 2017-01-19 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31251496. | |||||
| CVE-2015-8684 | 1 Exponentcms | 1 Exponent Cms | 2017-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality. | |||||
| CVE-2016-6778 | 1 Linux | 1 Linux Kernel | 2017-01-19 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31384646. | |||||
| CVE-2016-6779 | 1 Linux | 1 Linux Kernel | 2017-01-19 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31386004. | |||||
| CVE-2016-1000032 | 1 Python | 1 Tgcaptcha2 | 2017-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times. | |||||
| CVE-2016-6887 | 1 Matrixssl | 1 Matrixssl | 2017-01-19 | 4.3 MEDIUM | 5.9 MEDIUM |
| The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack. | |||||
| CVE-2016-8671 | 1 Matrixssl | 1 Matrixssl | 2017-01-19 | 4.3 MEDIUM | 5.9 MEDIUM |
| The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887. | |||||
| CVE-2016-8404 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 4.3 MEDIUM | 4.7 MEDIUM |
| An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31496950. | |||||
| CVE-2016-8403 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 4.3 MEDIUM | 4.7 MEDIUM |
| An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31495348. | |||||
| CVE-2016-9107 | 1 Otr | 1 Gajim-otr | 2017-01-18 | 5.0 MEDIUM | 7.5 HIGH |
| The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-8406 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 4.3 MEDIUM | 4.7 MEDIUM |
| An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796940. | |||||