Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7677 | 1 Ipswitch | 1 Moveit Dmz | 2016-02-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll. | |||||
| CVE-2016-1138 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2016-02-10 | 4.3 MEDIUM | 4.7 MEDIUM |
| CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. | |||||
| CVE-2016-1140 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2016-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2016-1139 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2016-02-10 | 6.8 MEDIUM | 7.5 HIGH |
| Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2016-1137 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2016-02-10 | 5.8 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2016-1136 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2016-02-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-7681 | 2016-02-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Notes: none. | |||||
| CVE-2015-7909 | 1 Hospira | 2 Communication Engine, Lifecare Pca Infusion System | 2016-02-09 | 7.5 HIGH | 7.3 HIGH |
| Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000. | |||||
| CVE-2016-1143 | 1 Vine Mv Project | 1 Vine Mv | 2016-02-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6553 | 2016-02-05 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none. | |||||
| CVE-2015-2302 | 2016-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6405. Reason: This candidate is a reservation duplicate of CVE-2014-6405. Notes: All CVE users should reference CVE-2014-6405 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2015-2303 | 2016-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6406. Reason: This candidate is a reservation duplicate of CVE-2014-6406. Notes: All CVE users should reference CVE-2014-6406 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-1141 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2016-02-02 | 6.5 MEDIUM | 4.7 MEDIUM |
| KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2016-7028 | 2016-02-01 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0728. Reason: This candidate is a duplicate of CVE-2016-0728. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-0728 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-1233 | 1 Debian | 2 Debian Linux, Fuse | 2016-01-31 | 7.2 HIGH | 7.8 HIGH |
| An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. | |||||
| CVE-2016-1896 | 1 Lexmark | 28 C4150, C6160, Cs720de and 25 more | 2016-01-31 | 10.0 HIGH | 9.8 CRITICAL |
| Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status. | |||||
| CVE-2016-3197 | 2016-01-29 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-3197. Reason: This candidate is a duplicate of CVE-2015-3197. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2015-3197 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-1300 | 1 Cisco | 1 Unity Connection | 2016-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. | |||||
| CVE-2015-7487 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2016-01-27 | 4.9 MEDIUM | 4.1 MEDIUM |
| IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files. | |||||
| CVE-2015-7439 | 1 Ibm | 4 Rational Software Architect, Rational Software Architect For Websphere Software, Rational Software Architect For Websphere Software\' and 1 more | 2016-01-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||