Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9054 | 1 Aerospike | 1 Database Server | 2022-12-14 | 7.5 HIGH | 9.8 CRITICAL |
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_list_by_set_binid resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. | |||||
CVE-2017-12112 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 6.8 MEDIUM | 8.1 HIGH |
An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | |||||
CVE-2016-9048 | 1 Processmaker | 1 Processmaker | 2022-12-14 | 6.5 MEDIUM | 7.4 HIGH |
Multiple exploitable SQL Injection vulnerabilities exist in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database and user credentials and, in certain setups, access to the underlying operating system. | |||||
CVE-2016-9045 | 1 Processmaker | 1 Processmaker | 2022-12-14 | 6.5 MEDIUM | 8.8 HIGH |
A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. | |||||
CVE-2022-37906 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2022-12-14 | N/A | 8.1 HIGH |
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system. | |||||
CVE-2016-9044 | 1 Informationbuilders | 1 Webfocus | 2022-12-14 | 9.0 HIGH | 8.8 HIGH |
An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1. A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability. | |||||
CVE-2022-37907 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2022-12-14 | N/A | 7.5 HIGH |
A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller. | |||||
CVE-2016-9043 | 1 Corel | 1 Coreldraw | 2022-12-14 | 6.8 MEDIUM | 7.8 HIGH |
An out of bound write vulnerability exists in the EMF parsing functionality of CorelDRAW X8 (CdrGfx - Corel Graphics Engine (64-Bit) - 18.1.0.661). A specially crafted EMF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific EMF file to trigger this vulnerability. | |||||
CVE-2022-37908 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2022-12-14 | N/A | 6.5 MEDIUM |
An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller. | |||||
CVE-2016-9040 | 1 Joyent | 1 Smartos | 2022-12-14 | 4.9 MEDIUM | 5.5 MEDIUM |
An exploitable denial of service exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited, this will result in memory exhaustion, resulting in a full system denial of service. | |||||
CVE-2016-8715 | 1 Iceni | 1 Argus | 2022-12-14 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious PDF file to trigger this vulnerability. | |||||
CVE-2016-8714 | 2 Debian, R Project | 2 Debian Linux, R | 2022-12-14 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability. | |||||
CVE-2016-8716 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-12-14 | 3.3 LOW | 7.5 HIGH |
An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. | |||||
CVE-2016-8717 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-12-14 | 10.0 HIGH | 9.8 CRITICAL |
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices. | |||||
CVE-2016-8722 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. | |||||
CVE-2016-8731 | 1 Foscam | 2 C1 Webcam, C1 Webcam Firmware | 2022-12-14 | 7.5 HIGH | 9.8 CRITICAL |
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device. | |||||
CVE-2016-8732 | 1 Sophos | 1 Invincea Dell Protected Workspace | 2022-12-14 | 4.6 MEDIUM | 7.8 HIGH |
Multiple security flaws exist in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product. | |||||
CVE-2022-45760 | 1 Sens Project | 1 Sens | 2022-12-14 | N/A | 8.8 HIGH |
SENS v1.0 is vulnerable to Incorrect Access Control. | |||||
CVE-2022-45797 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2022-12-13 | N/A | 7.1 HIGH |
An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2022-44647 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2022-12-13 | N/A | 5.5 MEDIUM |
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648. | |||||