Total
1465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8177 | 1 Redhat | 4 Enterprise Linux, Gluster Storage Management Console, Gluster Storage Server and 1 more | 2019-04-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined. | |||||
| CVE-2016-10065 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2019-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2016-4591 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2019-03-25 | 7.8 HIGH | 7.5 HIGH |
| WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. | |||||
| CVE-2015-4594 | 1 Eclinicalworks | 1 Population Health | 2019-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID. | |||||
| CVE-2015-7055 | 1 Apple | 2 Iphone Os, Tvos | 2019-03-08 | 9.3 HIGH | N/A |
| AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-8288 | 1 Oracle | 1 Mysql | 2019-03-07 | 4.9 MEDIUM | 3.1 LOW |
| Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. | |||||
| CVE-2016-6724 | 1 Google | 1 Android | 2019-03-07 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderate because it is a temporary denial of service that requires a factory reset to fix. Android ID: A-30568284. | |||||
| CVE-2016-6723 | 1 Google | 1 Android | 2019-03-07 | 5.4 MEDIUM | 4.7 MEDIUM |
| A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Android ID: A-30100884. | |||||
| CVE-2016-6715 | 1 Google | 1 Android | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local malicious application to record audio without the user's permission. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29833954. | |||||
| CVE-2016-6719 | 1 Google | 1 Android | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission.) Android ID: A-29043989. | |||||
| CVE-2016-6713 | 1 Google | 1 Android | 2019-03-06 | 7.1 HIGH | 5.5 MEDIUM |
| A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30822755. | |||||
| CVE-2016-6714 | 1 Google | 1 Android | 2019-03-06 | 7.1 HIGH | 5.5 MEDIUM |
| A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31092462. | |||||
| CVE-2016-5613 | 1 Oracle | 1 Vm Virtualbox | 2019-03-04 | 2.1 LOW | 4.3 MEDIUM |
| Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608. | |||||
| CVE-2016-5610 | 1 Oracle | 1 Vm Virtualbox | 2019-03-04 | 4.6 MEDIUM | 6.8 MEDIUM |
| Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core. | |||||
| CVE-2016-5608 | 1 Oracle | 1 Vm Virtualbox | 2019-03-04 | 2.1 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613. | |||||
| CVE-2016-3159 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Vm Server and 1 more | 2019-02-21 | 1.7 LOW | 3.8 LOW |
| The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. | |||||
| CVE-2013-5654 | 1 Yingzhipython Project | 1 Yingzhipython | 2019-02-21 | 9.4 HIGH | 9.1 CRITICAL |
| Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage | |||||
| CVE-2015-7865 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2019-02-13 | 7.7 HIGH | N/A |
| nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784. | |||||
| CVE-2015-2559 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2019-02-05 | 3.5 LOW | N/A |
| Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. | |||||
| CVE-2015-2172 | 1 Dokuwiki | 1 Dokuwiki | 2019-02-05 | 6.5 MEDIUM | N/A |
| DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API. | |||||