Total
980 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2980 | 1 Ibm | 1 Sametime | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993. | |||||
| CVE-2016-2204 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | 6.5 MEDIUM | 8.2 HIGH |
| The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | |||||
| CVE-2016-1155 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. | |||||
| CVE-2016-15007 | 1 Centralized Salesforce Development Framework Project | 1 Centralized Salesforce Development Framework | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The patch is named db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195. | |||||
| CVE-2016-15004 | 1 Revmakx | 1 Infinitewp Client | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2016-11068 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection. | |||||
| CVE-2016-10847 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). | |||||
| CVE-2016-10845 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78). | |||||
| CVE-2016-10801 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 58.0.4 has improper session handling for shared users (SEC-139). | |||||
| CVE-2016-10761 | 1 Logitech | 10 K360, K360 Firmware, K400r and 7 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. | |||||
| CVE-2016-10498 | 1 Qualcomm | 60 Mdm9206, Mdm9206 Firmware, Mdm9607 and 57 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, stopping of the DTR prematurely causes micro kernel to be stuck. This can be triggered with a timing change injectable in RACH procedure. | |||||
| CVE-2016-10131 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. | |||||
| CVE-2016-0881 | 1 Emc | 1 Documentum Xcp | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request. | |||||
| CVE-2015-8800 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2024-11-21 | 4.9 MEDIUM | 7.3 HIGH |
| Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allow remote authenticated users to conduct argument-injection attacks by leveraging certain named-pipe access. | |||||
| CVE-2015-8258 | 1 Axis | 1 Axis Communications Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." | |||||
| CVE-2015-7544 | 1 Redhat | 1 Enterprise Virtualization Manager | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment. | |||||
| CVE-2015-7466 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | 4.0 MEDIUM | 3.1 LOW |
| Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended query restrictions or modify the LDAP directory, via unspecified vectors. | |||||
| CVE-2015-7309 | 1 Boltcms | 1 Bolt | 2024-11-21 | 6.5 MEDIUM | N/A |
| The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it. | |||||
| CVE-2015-7264 | 1 Proxygen Project | 1 Proxygen | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. | |||||
| CVE-2015-5841 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | 5.0 MEDIUM | N/A |
| The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response. | |||||