Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1273 | 1 Juniper | 3 Junos, Qfx10002, Qfx5100 | 2016-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x before 15.1X53-D20 on QFX5100 and QFX10002 switches do not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic encryption and authentication protection mechanisms via unspecified vectors. | |||||
| CVE-2015-8474 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2016-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985. | |||||
| CVE-2015-8346 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2016-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form. | |||||
| CVE-2015-8537 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2016-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. | |||||
| CVE-2016-2410 | 1 Google | 1 Android | 2016-04-20 | 6.9 MEDIUM | 7.4 HIGH |
| A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677. | |||||
| CVE-2015-8473 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2016-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects. | |||||
| CVE-2016-0849 | 1 Google | 1 Android | 2016-04-20 | 7.2 HIGH | 8.4 HIGH |
| Multiple integer overflows in minzip/SysUtil.c in the Recovery Procedure in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26960931. | |||||
| CVE-2016-0848 | 1 Google | 1 Android | 2016-04-20 | 7.2 HIGH | 8.4 HIGH |
| Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to bypass private-storage file-access restrictions via a crafted application that changes a symlink target, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26211054. | |||||
| CVE-2016-1270 | 1 Juniper | 1 Junos | 2016-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D40, 13.3 before 13.3R6, 14.1 before 14.1R4, and 14.2 before 14.2R2, when configured with BGP-based L2VPN or VPLS, allows remote attackers to cause a denial of service (daemon restart) via a crafted L2VPN family BGP update. | |||||
| CVE-2016-0844 | 1 Google | 1 Android | 2016-04-20 | 7.2 HIGH | 8.4 HIGH |
| The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307. | |||||
| CVE-2016-0843 | 1 Google | 1 Android | 2016-04-20 | 7.2 HIGH | 8.4 HIGH |
| The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197. | |||||
| CVE-2016-1269 | 1 Juniper | 1 Junos | 2016-04-20 | 7.8 HIGH | 7.5 HIGH |
| Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R9, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R8, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4-S1, 15.1 before 15.1R2, 15.1X49 before 15.1X49-D30, and 16.1 before 16.1R1 allow remote attackers to cause a denial of service (socket consumption) via crafted TCP timestamps. | |||||
| CVE-2016-0841 | 1 Google | 1 Android | 2016-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| media/libmedia/mediametadataretriever.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mishandles cleared service binders, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26040840. | |||||
| CVE-2016-0837 | 1 Google | 1 Android | 2016-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka internal bug 27208621. | |||||
| CVE-2016-0839 | 1 Google | 1 Android | 2016-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25753245. | |||||
| CVE-2016-0838 | 1 Google | 1 Android | 2016-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a negative number of samples, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to arm-wt-22k/lib_src/eas_wtengine.c and arm-wt-22k/lib_src/eas_wtsynth.c, aka internal bug 26366256. | |||||
| CVE-2016-0835 | 1 Google | 1 Android | 2016-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug 26070014. | |||||
| CVE-2016-0712 | 1 Apache | 1 Jetspeed | 2016-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal. | |||||
| CVE-2016-0711 | 1 Apache | 1 Jetspeed | 2016-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource. | |||||
| CVE-2016-0710 | 1 Apache | 1 Jetspeed | 2016-04-20 | 7.5 HIGH | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/. | |||||