Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3146 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2016-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet. | |||||
| CVE-2016-3167 | 3 Debian, Drupal, Php | 3 Debian Linux, Drupal, Php | 2016-04-19 | 6.4 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter. | |||||
| CVE-2016-3164 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2016-04-13 | 5.8 MEDIUM | 7.4 HIGH |
| Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation. | |||||
| CVE-2016-3166 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2016-04-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by leveraging a module that allows user-submitted data to appear in HTTP headers. | |||||
| CVE-2016-2343 | 1 Patterson Dental | 1 Eaglesoft | 2016-04-04 | 10.0 HIGH | 9.8 CRITICAL |
| Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements. | |||||
| CVE-2014-9386 | 1 Zenoss | 1 Zenoss Core | 2016-03-21 | 6.8 MEDIUM | N/A |
| Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691. | |||||
| CVE-2014-6255 | 1 Zenoss | 1 Zenoss Core | 2016-03-21 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998. | |||||
| CVE-2015-8287 | 1 Swann | 4 Srnvw-470lcd, Srnvw-470lcd Firmware, Swnvw-470cam and 1 more | 2016-03-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM devices with firmware through 1022 allow remote attackers to watch live video by visiting an unspecified URL. | |||||
| CVE-2015-6022 | 1 Qnap | 1 Signage Station | 2016-03-08 | 9.0 HIGH | 8.8 HIGH |
| Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL. | |||||
| CVE-2015-6036 | 1 Qnap | 1 Sinage Station | 2016-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request. | |||||
| CVE-2015-7428 | 1 Ibm | 1 Websphere Portal | 2016-03-02 | 5.8 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||||
| CVE-2015-8483 | 1 Cybozu | 1 Office | 2016-02-22 | 5.8 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||||
| CVE-2016-1138 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2016-02-10 | 4.3 MEDIUM | 4.7 MEDIUM |
| CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. | |||||
| CVE-2016-1137 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2016-02-10 | 5.8 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2015-8616 | 1 Php | 1 Php | 2016-01-22 | 7.5 HIGH | 8.6 HIGH |
| Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array. | |||||
| CVE-2015-8597 | 1 Bluecoat | 2 Advanced Secure Gateway, Proxysg | 2016-01-13 | 5.8 MEDIUM | 7.4 HIGH |
| Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%." | |||||
| CVE-2015-7024 | 1 Apple | 1 Mac Os X | 2016-01-12 | 6.9 MEDIUM | 6.7 MEDIUM |
| Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an unexpected directory by an application that has a valid Apple digital signature. | |||||
| CVE-2015-5987 | 1 Zyxel | 1 Gs1900-10hp Firmware | 2015-12-31 | 5.0 MEDIUM | 8.6 HIGH |
| Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. | |||||
| CVE-2015-2876 | 2 Lacie, Seagate | 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more | 2015-12-31 | 8.3 HIGH | 8.8 HIGH |
| Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session. | |||||
| CVE-2015-6538 | 1 Ephiphanyheathdata | 1 Cardio Server | 2015-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access restrictions, via a crafted URL. | |||||