Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-100000 | 2016-04-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references. | |||||
| CVE-2014-123456 | 2016-04-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references. | |||||
| CVE-2014-456132 | 2016-04-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references. | |||||
| CVE-2014-54321 | 2016-04-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references. | |||||
| CVE-2014-9999 | 2016-04-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references. | |||||
| CVE-2014-99999 | 2016-04-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references. | |||||
| CVE-2014-999999 | 2016-04-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references. | |||||
| CVE-2016-2305 | 1 Ecava | 1 Integraxor | 2016-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-2303 | 1 Ecava | 1 Integraxor | 2016-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. | |||||
| CVE-2016-2300 | 1 Ecava | 1 Integraxor | 2016-04-27 | 6.4 MEDIUM | 6.5 MEDIUM |
| Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. | |||||
| CVE-2016-2306 | 1 Ecava | 1 Integraxor | 2016-04-27 | 7.8 HIGH | 7.5 HIGH |
| The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network. | |||||
| CVE-2016-2302 | 1 Ecava | 1 Integraxor | 2016-04-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. | |||||
| CVE-2016-2301 | 1 Ecava | 1 Integraxor | 2016-04-27 | 6.5 MEDIUM | 6.3 MEDIUM |
| SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-3569 | 2016-04-26 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3569. Reason: This candidate is a duplicate of CVE-2014-3569. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-3569 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2015-3571 | 2016-04-26 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3571. Reason: This candidate is a duplicate of CVE-2014-3571. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-3571 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2015-3572 | 2016-04-26 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3572. Reason: This candidate is a duplicate of CVE-2014-3572. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-3572 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-2146 | 2 Fedoraproject, Uninett | 2 Fedora, Mod Auth Mellon | 2016-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data. | |||||
| CVE-2016-2145 | 2 Fedoraproject, Uninett | 2 Fedora, Mod Auth Mellon | 2016-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data. | |||||
| CVE-2016-2425 | 1 Google | 1 Android | 2016-04-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185. | |||||
| CVE-2016-2423 | 1 Google | 1 Android | 2016-04-25 | 6.6 MEDIUM | 6.1 MEDIUM |
| server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187. | |||||