Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2424 | 1 Google | 1 Android | 2016-04-25 | 7.1 HIGH | 5.5 MEDIUM |
| server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allows attackers to cause a denial of service (reboot loop) via a crafted application, aka internal bug 26513719. | |||||
| CVE-2016-2414 | 1 Google | 1 Android | 2016-04-21 | 4.9 MEDIUM | 6.2 MEDIUM |
| The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data, which allows remote attackers to cause a denial of service (memory corruption and reboot loop) via a crafted font, aka internal bug 26413177. | |||||
| CVE-2015-8682 | 1 Huawei | 4 Mate S, Mate S Firmware, P8 and 1 more | 2016-04-20 | 7.8 HIGH | 6.1 MEDIUM |
| The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL10 before GRA-CL10C92B350 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to obtain sensitive information from stack memory or cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access. | |||||
| CVE-2016-2411 | 1 Google | 1 Android | 2016-04-20 | 9.3 HIGH | 6.5 MEDIUM |
| A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053. | |||||
| CVE-2016-3678 | 1 Huawei | 10 S5300, S5300 Firmware, S5700 and 7 more | 2016-04-14 | 7.8 HIGH | 7.5 HIGH |
| Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with software before V200R003SPH012 allow remote attackers to cause a denial of service (switch restart) via crafted traffic. | |||||
| CVE-2015-8305 | 1 Huawei | 2 P7, P7 Firmware | 2016-04-14 | 7.1 HIGH | 5.5 MEDIUM |
| Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege. | |||||
| CVE-2013-6422 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Libcurl | 2016-04-07 | 4.0 MEDIUM | N/A |
| The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. | |||||
| CVE-2016-1338 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2016-03-19 | 8.0 HIGH | 6.5 MEDIUM |
| Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. | |||||
| CVE-2015-5042 | 1 Ibm | 1 Emptoris Contract Management | 2016-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file. | |||||
| CVE-2016-2537 | 1 Is My Json Valid Project | 1 Is My Json Valid | 2016-02-29 | 5.0 MEDIUM | 7.5 HIGH |
| The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string. | |||||
| CVE-2016-1303 | 1 Cisco | 16 500 Series Switch Firmware, Sf500-24, Sf500-24p and 13 more | 2016-02-24 | 7.8 HIGH | 7.5 HIGH |
| The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330. | |||||
| CVE-2015-8489 | 1 Cybozu | 1 Office | 2016-02-22 | 6.8 MEDIUM | 6.5 MEDIUM |
| customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153. | |||||
| CVE-2016-0754 | 2 Haxx, Microsoft | 2 Curl, Windows | 2016-02-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. | |||||
| CVE-2015-7759 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 5 more | 2016-01-15 | 4.3 MEDIUM | 3.7 LOW |
| BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service (Traffic Management Microkernel (TMM) restart) via crafted ICMP packets, related to Path MTU (PMTU) discovery. | |||||
| CVE-2015-8225 | 1 Huawei | 2 Ale Firmware, Gem-703l Firmware | 2016-01-14 | 7.1 HIGH | 5.5 MEDIUM |
| The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8226. | |||||
| CVE-2015-8226 | 1 Huawei | 2 Ale Firmware, Gem-703l Firmware | 2016-01-13 | 7.1 HIGH | 5.5 MEDIUM |
| The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100R001C233B111 allows remote attackers to cause a denial of service (crash) via a crafted application with the system or camera permission, a different vulnerability than CVE-2015-8225. | |||||
| CVE-2015-7754 | 1 Juniper | 1 Screenos | 2016-01-13 | 9.3 HIGH | 8.1 HIGH |
| Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. | |||||
| CVE-2015-8760 | 1 Typo3 | 1 Typo3 | 2016-01-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing." | |||||
| CVE-2015-8331 | 1 Huawei | 1 Vcn500 | 2016-01-11 | 5.8 MEDIUM | 7.4 HIGH |
| The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attackers to conduct replay attacks via the session ID. | |||||
| CVE-2015-7416 | 2 Ibm, Microsoft | 2 I Access, Windows | 2016-01-05 | 2.1 LOW | 4.0 MEDIUM |
| AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file. | |||||