Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2275 | 1 Advantech | 4 Vesp211-232, Vesp211-232 Firmware, Vesp211-eu and 1 more | 2016-03-10 | 10.0 HIGH | 9.8 CRITICAL |
| The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code. | |||||
| CVE-2015-4991 | 1 Ibm | 1 Spss Modeler | 2016-03-10 | 2.1 LOW | 4.0 MEDIUM |
| IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file. | |||||
| CVE-2013-7448 | 2 Debian, Didiwiki Project | 2 Debian Linux, Didiwiki | 2016-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get. | |||||
| CVE-2016-2231 | 1 Huawei | 2 Mt882, Mt882 Firmware | 2016-03-10 | 9.0 HIGH | 9.8 CRITICAL |
| The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701. | |||||
| CVE-2015-5010 | 1 Ibm | 3 Security Access Manager 9.0 Firmware, Security Access Manager For Web 7.0 Firmware, Security Access Manager For Web 8.0 Firmware | 2016-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2015-7492 | 1 Ibm | 1 Infosphere Master Data Management Reference Data Management | 2016-03-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0803 | 1 Google | 1 Android | 2016-03-10 | 10.0 HIGH | 9.8 CRITICAL |
| libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794. | |||||
| CVE-2016-2859 | 2016-03-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0834. Reason: This candidate is a reservation duplicate of CVE-2016-0834. Notes: All CVE users should reference CVE-2016-0834 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-2144 | 2016-03-09 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-0284. Reason: This candidate is a reservation duplicate of CVE-2015-0284. Notes: All CVE users should reference CVE-2015-0284 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2015-6022 | 1 Qnap | 1 Signage Station | 2016-03-08 | 9.0 HIGH | 8.8 HIGH |
| Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL. | |||||
| CVE-2015-7923 | 1 Westermo | 1 Weos | 2016-03-07 | 9.3 HIGH | 9.0 CRITICAL |
| Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key. | |||||
| CVE-2015-8286 | 1 Zhuhai | 1 Raysharp Firmware | 2016-03-07 | 10.0 HIGH | 9.8 CRITICAL |
| Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000. | |||||
| CVE-2016-1488 | 1 Siemens | 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more | 2016-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-8772 | 1 Mcafee | 1 File Lock | 2016-03-04 | 8.5 HIGH | 9.1 CRITICAL |
| McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large VERIFY_INFORMATION.Length value in an IOCTL_DISK_VERIFY ioctl call. | |||||
| CVE-2016-2049 | 1 Janrain | 1 Php-openid | 2016-03-04 | 6.8 MEDIUM | 8.8 HIGH |
| examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header. | |||||
| CVE-2016-1342 | 1 Cisco | 1 Firepower Management Center | 2016-03-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654. | |||||
| CVE-2016-1354 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176. | |||||
| CVE-2016-2398 | 1 Comcast | 1 Xfinity Home Security System | 2016-03-04 | 3.3 LOW | 6.5 MEDIUM |
| Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions. | |||||
| CVE-2016-0212 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-03-03 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0213 and CVE-2016-0216. | |||||
| CVE-2016-0213 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-03-03 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0216. | |||||
| CVE-2016-0216 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-03-03 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.x through 6.1.11.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2016-0212 and CVE-2016-0213. | |||||
| CVE-2016-0244 | 1 Ibm | 1 Websphere Portal | 2016-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243. | |||||
| CVE-2015-7769 | 1 Basercms | 1 Basercms | 2016-03-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2016-8000 | 2016-03-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0800. Reason: This candidate is a duplicate of CVE-2016-0800. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-0800 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-2214 | 1 Huawei | 1 Agile Controller-campus | 2016-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2015-6036 | 1 Qnap | 1 Sinage Station | 2016-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request. | |||||
| CVE-2015-7457 | 1 Ibm | 1 Websphere Portal | 2016-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-7491 | 1 Ibm | 1 Websphere Portal | 2016-03-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-7455 | 1 Ibm | 1 Websphere Portal | 2016-03-02 | 4.0 MEDIUM | 3.1 LOW |
| IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI. | |||||
| CVE-2015-7428 | 1 Ibm | 1 Websphere Portal | 2016-03-02 | 5.8 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||||
| CVE-2016-1154 | 1 Cuore | 1 Ec-cube Help Plugin | 2016-03-02 | 7.5 HIGH | 9.1 CRITICAL |
| SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-1882 | 1 Freebsd | 1 Freebsd | 2016-03-02 | 7.8 HIGH | 7.5 HIGH |
| FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options. | |||||
| CVE-2015-7444 | 1 Ibm | 1 Websphere Commerce | 2016-03-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-2199 | 1 Mcafee | 1 Vulnerability Manager | 2016-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors. | |||||
| CVE-2016-1322 | 1 Cisco | 1 Spark | 2016-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584. | |||||
| CVE-2016-0867 | 1 Carel | 1 Plantvisor Enhanced | 2016-03-01 | 7.8 HIGH | 7.5 HIGH |
| CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. | |||||
| CVE-2016-2537 | 1 Is My Json Valid Project | 1 Is My Json Valid | 2016-02-29 | 5.0 MEDIUM | 7.5 HIGH |
| The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string. | |||||
| CVE-2016-1323 | 1 Cisco | 1 Spark | 2016-02-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048. | |||||
| CVE-2015-4956 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2016-02-29 | 6.5 MEDIUM | 7.4 HIGH |
| The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors. | |||||
| CVE-2015-2008 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2016-02-29 | 3.5 LOW | 4.4 MEDIUM |
| IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive. | |||||
| CVE-2016-2777 | 2016-02-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1868. Reason: This candidate is a reservation duplicate of CVE-2016-1868. Notes: All CVE users should reference CVE-2016-1868 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2015-7398 | 1 Ibm | 1 Emptoris Contract Management | 2016-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-5050 | 1 Ibm | 1 Emptoris Contract Management | 2016-02-26 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-4957 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2016-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-7575 | 2016-02-26 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7575. Reason: This candidate is a duplicate of CVE-2015-7575. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2015-7575 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-0957 | 4 Adobe, Apple, Linux and 1 more | 5 Dispatcher, Experience Manager, Mac Os X and 2 more | 2016-02-25 | 7.8 HIGH | 7.5 HIGH |
| Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. | |||||
| CVE-2015-8794 | 1 Roundcube | 1 Roundcube Webmail | 2016-02-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling. | |||||
| CVE-2015-8773 | 1 Mcafee | 1 File Lock | 2016-02-25 | 7.8 HIGH | 7.5 HIGH |
| Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl call. | |||||
| CVE-2016-2230 | 1 Openelec | 1 Openelec | 2016-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| OpenELEC and RasPlex devices have a hardcoded password for the root account, which makes it easier for remote attackers to obtain access via an SSH session. | |||||
| CVE-2015-3591 | 2016-02-25 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3591. Reason: This candidate is a duplicate of CVE-2014-3591. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-3591 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||