Total
1059 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6719 | 1 Google | 1 Android | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989. | |||||
| CVE-2016-6713 | 1 Google | 1 Android | 2019-03-06 | 7.1 HIGH | 5.5 MEDIUM |
| A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30822755. | |||||
| CVE-2016-6714 | 1 Google | 1 Android | 2019-03-06 | 7.1 HIGH | 5.5 MEDIUM |
| A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31092462. | |||||
| CVE-2016-5613 | 1 Oracle | 1 Vm Virtualbox | 2019-03-04 | 2.1 LOW | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608. | |||||
| CVE-2016-5610 | 1 Oracle | 1 Vm Virtualbox | 2019-03-04 | 4.6 MEDIUM | 6.8 MEDIUM |
| Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core. | |||||
| CVE-2016-5608 | 1 Oracle | 1 Vm Virtualbox | 2019-03-04 | 2.1 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613. | |||||
| CVE-2016-3159 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2019-02-21 | 1.7 LOW | 3.8 LOW |
| The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. | |||||
| CVE-2013-5654 | 1 Yingzhipython Project | 1 Yingzhipython | 2019-02-21 | 9.4 HIGH | 9.1 CRITICAL |
| Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage | |||||
| CVE-2015-7865 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2019-02-13 | 7.7 HIGH | N/A |
| nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784. | |||||
| CVE-2015-2559 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2019-02-05 | 3.5 LOW | N/A |
| Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. | |||||
| CVE-2015-2172 | 1 Dokuwiki | 1 Dokuwiki | 2019-02-05 | 6.5 MEDIUM | N/A |
| DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API. | |||||
| CVE-2015-1976 | 1 Ibm | 2 Security Directory Server, Tivoli Directory Server | 2019-02-04 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. | |||||
| CVE-2016-4018 | 1 Sap | 1 Hana | 2018-12-10 | 7.5 HIGH | 7.3 HIGH |
| The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742. | |||||
| CVE-2015-2816 | 1 Sap | 1 Afaria | 2018-12-10 | 7.5 HIGH | N/A |
| The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. | |||||
| CVE-2016-2278 | 1 Schneider-electric | 4 Struxureware Building Operations Automation Server As, Struxureware Building Operations Automation Server As-p, Struxureware Building Operations Automation Server As-p Firmware and 1 more | 2018-10-30 | 9.0 HIGH | 7.2 HIGH |
| Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism. | |||||
| CVE-2016-1676 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Leap and 5 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2015-0820 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2018-10-30 | 2.6 LOW | N/A |
| Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site. | |||||
| CVE-2016-1656 | 3 Google, Opensuse, Suse | 4 Android, Chrome, Leap and 1 more | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | |||||
| CVE-2016-2825 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2018-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL. | |||||
| CVE-2016-3992 | 3 Cronic Project, Debian, Opensuse | 4 Cronic, Debian Linux, Leap and 1 more | 2018-10-30 | 4.9 MEDIUM | 6.2 MEDIUM |
| cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp. | |||||