Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1000146 | 1 Pondol-formmail Project | 1 Pondol-formmail | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin pondol-formmail v1.1 | |||||
CVE-2016-1000148 | 1 S3-video Project | 1 S3-video | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin s3-video v0.983 | |||||
CVE-2016-1000149 | 1 Simpel-reserveren Project | 1 Simpel-reserveren | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 | |||||
CVE-2016-1000154 | 1 Browserweb | 1 Whizz | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin whizz v1.0.7 | |||||
CVE-2016-0922 | 1 Emc | 1 Vipr Srm | 2016-11-28 | 5.0 MEDIUM | 9.8 CRITICAL |
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack. | |||||
CVE-2016-0928 | 1 Pivotal | 1 Cloud Foundry Elastic Runtime | 2016-11-28 | 5.8 MEDIUM | 7.4 HIGH |
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2016-0929 | 1 Pivotal Software | 1 Rabbitmq | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitive information by reading the log data, as demonstrated by a syslog message that contains credentials from a command line. | |||||
CVE-2016-0930 | 1 Pivotal | 1 Operations Manager | 2016-11-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist. | |||||
CVE-2016-1000121 | 1 Huge-it | 1 Slider | 2016-11-28 | 3.5 LOW | 4.8 MEDIUM |
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | |||||
CVE-2016-1000126 | 1 Admin-font-editor Project | 1 Admin-font-editor | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin admin-font-editor v1.8 | |||||
CVE-2016-1000127 | 1 Ajax-random-post Project | 1 Ajax-random-post | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin ajax-random-post v2.00 | |||||
CVE-2016-1000129 | 1 Defa-online-image-protector Project | 1 Defa-online-image-protector | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin defa-online-image-protector v3.3 | |||||
CVE-2016-1000138 | 1 Indexisto Project | 1 Indexisto | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in wordpress plugin indexisto v1.0.5 | |||||
CVE-2016-0815 | 1 Google | 1 Android | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. | |||||
CVE-2016-0816 | 1 Google | 1 Android | 2016-11-28 | 10.0 HIGH | 9.8 CRITICAL |
mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. | |||||
CVE-2016-0818 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. | |||||
CVE-2016-0819 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. | |||||
CVE-2016-0820 | 1 Google | 1 Android | 2016-11-28 | 9.3 HIGH | 7.8 HIGH |
The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. | |||||
CVE-2016-0822 | 1 Google | 1 Android | 2016-11-28 | 7.6 HIGH | 7.0 HIGH |
The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. | |||||
CVE-2016-0823 | 2 Google, Linux | 2 Android, Linux Kernel | 2016-11-28 | 2.1 LOW | 4.0 MEDIUM |
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. | |||||