Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1032 | 1 Pi3 | 1 Pi3web | 2016-12-19 | 5.0 MEDIUM | N/A |
| Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow. | |||||
| CVE-2004-1961 | 1 Protector System | 1 Protector System | 2016-12-19 | 7.5 HIGH | N/A |
| blocker.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection protection and execute limited SQL commands via URL-encoded "'" characters ("%27"). | |||||
| CVE-2005-2023 | 1 Suse | 1 Suse Linux | 2016-12-19 | 10.0 HIGH | N/A |
| The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail. | |||||
| CVE-2006-0081 | 1 Intel | 1 Graphics Accelerator Driver | 2016-12-19 | 7.8 HIGH | N/A |
| ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as demonstrated using a long window title. | |||||
| CVE-2014-8241 | 2 Redhat, Tigervnc | 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more | 2016-12-19 | 7.5 HIGH | 9.8 CRITICAL |
| XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052. | |||||
| CVE-2016-1774 | 1 Apple | 1 Mac Os X Server | 2016-12-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. | |||||
| CVE-2016-1776 | 1 Apple | 1 Mac Os X Server | 2016-12-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. | |||||
| CVE-2016-1777 | 1 Apple | 1 Mac Os X Server | 2016-12-19 | 5.0 MEDIUM | 7.5 HIGH |
| Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2016-1787 | 1 Apple | 1 Mac Os X Server | 2016-12-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| Wiki Server in Apple OS X Server before 5.1 allows remote attackers to obtain sensitive information from Wiki pages via unspecified vectors. | |||||
| CVE-2016-6852 | 1 Open-xchange | 1 Open-xchange Appsuite | 2016-12-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks. | |||||
| CVE-2016-6842 | 1 Open-xchange | 1 Open-xchange Appsuite | 2016-12-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | |||||
| CVE-2016-6843 | 1 Open-xchange | 1 Open-xchange Appsuite | 2016-12-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a user with elevated permissions. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | |||||
| CVE-2016-6844 | 1 Open-xchange | 1 Open-xchange Appsuite | 2016-12-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data" references. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | |||||
| CVE-2016-6845 | 1 Open-xchange | 1 Open-xchange Appsuite | 2016-12-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a proper location. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | |||||
| CVE-2016-6848 | 1 Open-xchange | 1 Open-xchange Appsuite | 2016-12-16 | 1.9 LOW | 5.5 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution. | |||||
| CVE-2016-6850 | 1 Open-xchange | 1 Open-xchange Appsuite | 2016-12-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | |||||
| CVE-2016-6847 | 1 Open-xchange | 1 Open-xchange Appsuite | 2016-12-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.). | |||||
| CVE-2016-5687 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2016-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read. | |||||
| CVE-2016-5688 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2016-12-16 | 6.8 MEDIUM | 8.1 HIGH |
| The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions. | |||||
| CVE-2016-5689 | 2 Imagemagick, Oracle | 2 Imagemagick, Solaris | 2016-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks. | |||||