Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0857 | 2 Debian, Tardiff Project | 2 Debian Linux, Tardiff | 2016-05-09 | 10.0 HIGH | 9.8 CRITICAL |
| Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | |||||
| CVE-2015-0858 | 2 Debian, Tardiff Project | 2 Debian Linux, Tardiff | 2016-05-09 | 2.1 LOW | 3.3 LOW |
| Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory. | |||||
| CVE-2016-2352 | 1 Accellion | 1 File Transfer Appliance | 2016-05-09 | 6.5 MEDIUM | 8.8 HIGH |
| The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role. | |||||
| CVE-2016-3171 | 3 Debian, Drupal, Php | 3 Debian Linux, Drupal, Php | 2016-05-09 | 6.8 MEDIUM | 8.1 HIGH |
| Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation. | |||||
| CVE-2016-0864 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2016-05-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors. | |||||
| CVE-2016-1176 | 1 Sharp | 1 Eva Animator | 2016-05-09 | 6.8 MEDIUM | 6.3 MEDIUM |
| Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page. | |||||
| CVE-2016-0863 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2016-05-09 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2005-2741 | 2 Apple, Perry Kiehtreiber | 3 Mac Os X, Mac Os X Server, Securityd | 2016-05-09 | 7.2 HIGH | N/A |
| Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators. | |||||
| CVE-2005-0139 | 1 Sgi | 1 Irix | 2016-05-09 | 7.5 HIGH | N/A |
| Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not sufficiently restrict access rights for read-mostly exports, which allows attackers to conduct unauthorized activities. | |||||
| CVE-2014-7228 | 1 Joomla | 1 Joomla\! | 2016-05-09 | 7.5 HIGH | N/A |
| Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive. | |||||
| CVE-2005-0138 | 1 Sgi | 1 Irix | 2016-05-09 | 7.5 HIGH | N/A |
| rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly allow access to anonymous clients that connect from a system whose hostname can not be determined. NOTE: while this issue occurs in a security mechanism, there is no apparent attacker role and probably does not satisfy the CVE definition of a vulnerability. | |||||
| CVE-2016-2438 | 2016-05-09 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-2547, CVE-2016-2548. Reason: This candidate is a duplicate of CVE-2016-2547 and CVE-2016-2548. Notes: All CVE users should reference CVE-2016-2547 and/or CVE-2016-2548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-2447 | 2016-05-09 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4477. Reason: This candidate is a reservation duplicate of CVE-2016-4477. Notes: All CVE users should reference CVE-2016-4477 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2015-4178 | 1 Linux | 1 Linux Kernel | 2016-05-06 | 4.9 MEDIUM | 5.5 MEDIUM |
| The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h. | |||||
| CVE-2015-2672 | 1 Linux | 1 Linux Kernel | 2016-05-06 | 4.9 MEDIUM | 5.5 MEDIUM |
| The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand. | |||||
| CVE-2015-4177 | 1 Linux | 1 Linux Kernel | 2016-05-06 | 4.9 MEDIUM | 5.5 MEDIUM |
| The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call. | |||||
| CVE-2016-1199 | 1 Lockon | 1 Ec-cube | 2016-05-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200. | |||||
| CVE-2016-2280 | 1 Honeywell | 1 Uniformance Process History Database | 2016-05-05 | 7.8 HIGH | 7.5 HIGH |
| Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors. | |||||
| CVE-2008-7316 | 1 Linux | 1 Linux Kernel | 2016-05-05 | 2.1 LOW | 5.5 MEDIUM |
| mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length. | |||||
| CVE-2013-5679 | 1 Owasp | 1 Enterprise Security Api | 2016-05-05 | 2.6 LOW | N/A |
| The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length. | |||||