Total
409 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7187 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | N/A |
The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension. | |||||
CVE-2016-1489 | 1 Lenovo | 1 Shareit | 2024-02-28 | 4.3 MEDIUM | 8.0 HIGH |
Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. | |||||
CVE-2016-3650 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. | |||||
CVE-2016-5362 | 1 Openstack | 1 Neutron | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. | |||||
CVE-2015-3756 | 1 Apple | 1 Iphone Os | 2024-02-28 | 2.1 LOW | N/A |
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog. | |||||
CVE-2016-1567 | 1 Tuxfamily | 1 Chrony | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | |||||
CVE-2016-7959 | 1 Siemens | 1 Simatic Step 7 | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack. | |||||
CVE-2016-0161 | 1 Microsoft | 1 Edge | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158. | |||||
CVE-2016-1452 | 1 Cisco | 2 Asr 5000, Asr 5000 Software | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. | |||||
CVE-2016-2398 | 1 Comcast | 1 Xfinity Home Security System | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions. | |||||
CVE-2016-3320 | 2 Fedoraproject, Microsoft | 5 Fedora, Windows 10, Windows 8.1 and 2 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass." | |||||
CVE-2015-1278 | 4 Debian, Google, Opensuse and 1 more | 7 Debian Linux, Chrome, Opensuse and 4 more | 2024-02-28 | 4.3 MEDIUM | N/A |
content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document. | |||||
CVE-2016-4025 | 1 Avast | 11 Business Security, Email Server Security, Endpoint Protection and 8 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call. | |||||
CVE-2016-3648 | 1 Symantec | 1 Endpoint Protection Manager | 2024-02-28 | 4.0 MEDIUM | 8.8 HIGH |
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window. | |||||
CVE-2016-0824 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591. | |||||
CVE-2015-6999 | 1 Apple | 1 Iphone Os | 2024-02-28 | 5.0 MEDIUM | N/A |
The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate. | |||||
CVE-2016-0287 | 2 Ibm, Microsoft | 2 I Access, Windows | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors. | |||||
CVE-2016-3125 | 3 Fedoraproject, Opensuse, Proftpd | 3 Fedora, Opensuse, Proftpd | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. | |||||
CVE-2014-9793 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567. | |||||
CVE-2015-6583 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hosted_app_browser_controller.cc. |