Total: 9737 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8565 | 1 Joomla | 1 Joomla! | 2024-02-28 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. | |||||
CVE-2016-3950 | 1 Huawei | 2 Ar3200, Ar3200 Firmware | 2024-02-28 | 6.8 MEDIUM | 6.5 MEDIUM |
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. | |||||
CVE-2016-1258 | 1 Juniper | 1 Junos | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Embedthis Appweb, as used in J-Web in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2X51 before 13.2X51-D20, 13.3 before 13.3R8, 14.1 before 14.1R6, and 14.2 before 14.2R5, allows remote attackers to cause a denial of service (J-Web crash) via unspecified vectors. | |||||
CVE-2015-0739 | 1 Cisco | 10 Firesight System Software, Sourcefire 3d1000 Sensor, Sourcefire 3d2000 Sensor and 7 more | 2024-02-28 | 4.0 MEDIUM | N/A |
The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller (BMC) file uploads via unspecified vectors, aka Bug ID CSCus87938. | |||||
CVE-2016-3202 | 1 Microsoft | 5 Chakra Javascript, Edge, Internet Explorer and 2 more | 2024-02-28 | 7.6 HIGH | 7.5 HIGH |
The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." | |||||
CVE-2016-1461 | 1 Cisco | 2 Asyncos, Email Security Appliance | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932. | |||||
CVE-2015-8331 | 1 Huawei | 1 Vcn500 | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID. | |||||
CVE-2016-3654 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter. | |||||
CVE-2016-1418 | 1 Cisco | 7 Aironet 1830e, Aironet 1830i, Aironet 1850e and 4 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037. | |||||
CVE-2016-8870 | 1 Joomla | 1 Joomla! | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. | |||||
CVE-2016-2477 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27251096. | |||||
CVE-2016-4809 | 3 Libarchive, Oracle, Redhat | 9 Libarchive, Linux, Enterprise Linux Desktop and 6 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink. | |||||
CVE-2016-4061 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream. | |||||
CVE-2015-1302 | 1 Google | 1 Chrome | 2024-02-28 | 7.5 HIGH | N/A |
The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc. | |||||
CVE-2016-2480 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The mm-video-v4l2 vidc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate certain OMX parameter data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27532721. | |||||
CVE-2016-2086 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. | |||||
CVE-2015-6369 | 1 Cisco | 1 Firepower Extensible Operating System | 2024-02-28 | 4.9 MEDIUM | N/A |
The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that triggers invalid USB commands, aka Bug ID CSCux10531. | |||||
CVE-2016-2270 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. | |||||
CVE-2016-1209 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. | |||||
CVE-2015-7093 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site. |