VIR Vulnerability Intelligence Relay

Search

Found 6,690 results in 1261ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-9565 critical 9.8 10.0 EXP nagios 10y ago MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed serv…
CVE-2016-7866 critical 9.8 10.0 EXP adobe 10y ago Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2016-6854 medium 6.1 7.1 EXP open-xchange 10y ago An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script cod…
CVE-2016-6853 medium 6.1 7.1 EXP open-xchange 10y ago An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on …
CVE-2016-6851 medium 6.1 7.1 EXP open-xchange 10y ago An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks aga…
CVE-2016-5740 medium 6.1 7.1 EXP open-xchange 10y ago An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's l…
CVE-2016-6664 high 7.0 8.0 EXP sles oraclemariadbpercona 10y ago mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percon…
CVE-2016-6663 high 7.0 8.0 EXP sles oracleperconamariadb 10y ago Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server b…
CVE-2016-8655 high 7.8 8.8 EXPFIX slesarch archdebian debian 10y ago Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capabilit…
CVE-2016-8740 high 7.5 8.5 EXPFIX debian debian sles apache 10y ago The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to ca…
CVE-2016-9796 critical 9.8 10.0 EXP alcatel-lucent 10y ago Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista i…
CVE-2016-1247 high 7.8 8.8 EXPFIX slesarch archdebian debian f5nginx 10y ago The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu…
CVE-2015-1328 high 7.8 8.8 EXPFIX debian debianubuntu ubuntu linux-kernel 10y ago The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem director…
CVE-2016-6754 high 8.8 9.8 EXP 10y ago A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is…
CVE-2016-6707 high 7.8 8.8 EXP 10y ago An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the con…
CVE-2016-9151 high 7.8 8.8 EXP 10y ago Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted v…
CVE-2016-9150 critical 9.8 10.0 EXP 10y ago Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 …
CVE-2016-7241 high 7.5 8.5 EXP microsoft 10y ago Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo…
CVE-2016-7240 high 7.5 8.5 EXP microsoft 10y ago ChakraCore RCE Vulnerability
CVE-2016-7237 medium 6.5 7.5 EXP windows windows 10y ago Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Win…
CVE-2016-7226 medium 6.1 7.1 EXP windows windows 10y ago Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, …
CVE-2016-7225 medium 6.1 7.1 EXP windows windows 10y ago Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, …
CVE-2016-7224 medium 6.1 7.1 EXP windows windows 10y ago Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files…
CVE-2016-7216 medium 5.5 6.5 EXP windows windows 10y ago The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka…
CVE-2016-7203 high 7.5 8.5 EXP microsoft 10y ago ChakraCore RCE Vulnerability
CVE-2016-7202 high 7.5 8.5 EXP microsoft 10y ago ChakraCore RCE Vulnerability
CVE-2016-8812 high 8.8 9.8 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys)…
CVE-2016-8811 high 7.8 8.8 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler …
CVE-2016-8810 high 7.8 8.8 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler …
CVE-2016-8809 high 7.8 8.8 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler …
CVE-2016-8808 high 7.8 8.8 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler …
CVE-2016-8807 high 7.8 8.8 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler …
CVE-2016-8806 high 7.8 8.8 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler …
CVE-2016-8805 high 7.8 8.8 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler …
CVE-2016-7391 high 7.8 8.8 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler …
CVE-2016-7390 high 7.8 8.8 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler …
CVE-2016-7387 high 7.8 8.8 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler …
CVE-2016-7386 medium 5.5 6.5 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler …
CVE-2016-7385 high 7.8 8.8 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler …
CVE-2016-7384 high 7.8 8.8 EXP nvidia 10y ago For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where un…
CVE-2016-7851 medium 6.1 7.1 EXP adobe 10y ago Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
CVE-2016-9111 medium 6.8 7.8 EXP citrix 10y ago Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection o…
CVE-2016-8870 high 8.1 9.1 EXP joomla 10y ago The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create …
CVE-2016-8869 critical 9.8 10.0 EXP joomla 10y ago The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use o…
CVE-2016-9018 medium 5.5 6.5 EXP realnetworks 10y ago Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.
CVE-2016-8582 critical 9.8 10.0 EXP alienvault 10y ago A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via…
CVE-2016-8581 medium 6.1 7.1 EXP alienvault 10y ago A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the c…
CVE-2016-8580 critical 9.8 10.0 EXP alienvault 10y ago PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included cl…
CVE-2016-5764 high 8.8 9.8 EXP microfocus 10y ago Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution. Fixed in: Rumba FTP 4.5 (HF 14668). This can only occur if a client connect…
CVE-2016-3473 high 7.7 8.7 EXP oracle 10y ago Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confide…
CVE-2016-6828 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 10y ago The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a deni…
CVE-2016-7194 high 7.5 8.5 EXP microsoft 10y ago ChakraCore RCE Vulnerability
CVE-2016-7190 high 7.5 8.5 EXP microsoft 10y ago ChakraCore RCE Vulnerability
CVE-2016-7189 high 7.5 8.5 EXP microsoft 10y ago ChakraCore RCE Vulnerability
CVE-2016-7188 high 7.8 8.8 EXP windows windows 10y ago The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted applicatio…
CVE-2016-7185 high 7.8 8.8 EXP windows windows 10y ago The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and…
CVE-2016-7182 critical 9.8 10.0 EXP windows windows microsoft 10y ago The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607…
CVE-2016-3388 medium 5.3 6.3 EXP microsoft 10y ago Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsof…
CVE-2016-3387 high 7.5 8.5 EXP microsoft 10y ago Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsof…
CVE-2016-3386 high 7.5 8.5 EXP microsoft 10y ago ChakraCore RCE Vulnerability
CVE-2016-3376 high 7.8 8.8 EXP windows windows 10y ago The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and…
CVE-2016-3209 medium 5.5 6.5 EXP windows windows microsoft 10y ago Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10…
CVE-2016-0079 medium 5.0 6.0 EXP windows windows 10y ago The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Wi…
CVE-2016-0075 medium 5.5 6.5 EXP windows windows 10y ago The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an…
CVE-2016-0073 medium 5.0 6.0 EXP windows windows 10y ago The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an…
CVE-2016-0070 medium 5.5 6.5 EXP windows windows 10y ago The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows …
CVE-2016-4273 high 8.8 9.8 EXP sles linux-kernelmacos macos adobe 10y ago Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of servi…
CVE-2016-7065 high 8.8 9.8 EXP redhat 10y ago The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted seriali…
CVE-2016-5425 high 7.8 8.8 EXP rhel apacheoracle 10y ago The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows l…
CVE-2016-6689 medium 5.5 6.5 EXP 10y ago Binder in the kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30768347.
CVE-2016-5348 medium 5.9 6.9 EXP 10y ago The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service…
CVE-2015-2080 high 7.5 8.5 EXP fedora fedora eclipse 10y ago Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
CVE-2016-1000125 critical 9.8 10.0 EXP huge-it 10y ago Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla
CVE-2016-1000124 critical 9.8 10.0 EXP huge-it 10y ago Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
CVE-2016-1000123 critical 9.8 10.0 EXP huge-it 10y ago Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
CVE-2016-6435 medium 6.5 7.5 EXP cisco 10y ago The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.
CVE-2016-6434 high 7.8 8.8 EXP cisco 10y ago Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
CVE-2016-6433 high 8.8 9.8 EXP cisco 10y ago The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug …
CVE-2016-1240 high 7.8 8.8 EXP debian debianubuntu ubuntu apache 10y ago The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 …
CVE-2016-2776 high 7.5 8.5 EXPFIX slesdebian debianarch arch isc 10y ago buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service…
CVE-2016-7098 high 8.1 9.1 EXPFIX slesdebian debian gnu 10y ago Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP …
CVE-2016-6662 critical 9.8 10.0 EXP slesdebian debian rhel oracleperconamariadb 10y ago Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x befo…
CVE-2016-4275 high 8.8 9.8 EXP slesmacos macoswindows windows adobe 10y ago Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of servi…
CVE-2016-3373 medium 5.5 6.5 EXP windows windows 10y ago The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 doe…
CVE-2016-3371 medium 5.5 6.5 EXP windows windows 10y ago The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 doe…
CVE-2016-3357 high 7.8 8.8 EXP microsoft 10y ago Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2…
CVE-2016-3324 high 8.8 9.8 EXP microsoft 10y ago Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…
CVE-2016-3247 high 7.5 8.5 EXP microsoft 10y ago Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo…
CVE-2016-3861 high 7.8 8.8 EXPFIX debian debian 10y ago LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with differen…
CVE-2016-6855 high 7.5 8.5 EXPFIX slesdebian debiansuse suse gnome 10y ago Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds wr…
CVE-2016-1464 high 7.8 8.8 EXP cisco 10y ago Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375.
CVE-2016-1415 medium 5.5 6.5 EXP cisco 10y ago Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.
CVE-2016-0772 medium 6.5 7.5 EXPFIX slesdebian debian python 10y ago The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypa…
CVE-2016-6483 high 8.6 9.6 EXP vbulletin 10y ago The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5…
CVE-2016-4264 high 8.6 9.6 EXP adobe 10y ago The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a craf…
CVE-2016-5680 high 8.8 9.8 EXP netgear 10y ago Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn pa…
CVE-2016-5679 high 8.8 9.8 EXP netgear 10y ago cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn param…
CVE-2016-5678 critical 9.8 10.0 EXP 10y ago NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
CVE-2016-5677 high 7.5 8.5 EXP netgear 10y ago NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows…
CVE-2016-5676 high 7.5 8.5 EXP netgear 10y ago cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator passwo…