VIR Vulnerability Intelligence Relay

Search

Found 4,127 results in 889ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2016-6662 critical 9.8 10.0 EXP slesdebian debian rhel oracleperconamariadb 10y ago Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x befo…
CVE-2016-3373 medium 5.5 6.5 EXP windows windows 10y ago The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 doe…
CVE-2016-3371 medium 5.5 6.5 EXP windows windows 10y ago The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 doe…
CVE-2016-1415 medium 5.5 6.5 EXP cisco 10y ago Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted file, aka Bug ID CSCuz80455.
CVE-2016-0772 medium 6.5 7.5 EXPFIX slesdebian debian python 10y ago The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypa…
CVE-2016-5678 critical 9.8 10.0 EXP 10y ago NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
CVE-2016-5675 critical 9.8 10.0 EXP netgearnuuo 10y ago handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remot…
CVE-2016-5674 critical 9.8 10.0 EXP netgear 10y ago __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbit…
CVE-2016-6195 critical 9.8 10.0 EXP vbulletin 10y ago SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via…
CVE-2015-5399 medium 5.4 6.4 EXP phpvibe 10y ago Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.
CVE-2016-6909 critical 9.8 10.0 EXP 10y ago Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code …
CVE-2016-5847 medium 5.8 6.8 EXP sap 10y ago SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security…
CVE-2016-5845 medium 5.5 6.5 EXP sap 10y ago SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive …
CVE-2016-3078 critical 9.8 10.0 EXP sles php 10y ago Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly hav…
CVE-2016-6512 medium 5.9 6.9 EXPFIX slesdebian debian wireshark 10y ago epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a c…
CVE-2016-6505 medium 5.9 6.9 EXPFIX slesdebian debian wireshark 10y ago epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and appl…
CVE-2016-6504 medium 5.9 6.9 EXPFIX slesdebian debian wireshark 10y ago epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service…
CVE-2016-6503 medium 5.9 6.9 EXPFIX slesdebian debian wireshark 10y ago The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of servic…
CVE-2016-6186 medium 6.1 7.1 EXPFIX slesdebian debian djangoproject 10y ago Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, an…
CVE-2016-1609 medium 5.4 6.4 EXP novell 10y ago Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTM…
CVE-2016-3542 medium 6.5 7.5 EXP oracle 10y ago Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentia…
CVE-2016-3510 critical 9.8 10.0 EXP oracle 10y ago Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availa…
CVE-2016-4372 critical 9.8 10.0 EXP hp 10y ago HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote…
CVE-2016-4208 critical 9.8 10.0 EXP macos macos adobe 10y ago Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker…
CVE-2016-4207 critical 9.8 10.0 EXP macos macos adobe 10y ago Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker…
CVE-2016-4206 critical 9.8 10.0 EXP macos macos adobe 10y ago Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker…
CVE-2016-4205 critical 9.8 10.0 EXP macos macos adobe 10y ago Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker…
CVE-2016-4204 critical 9.8 10.0 EXP macos macos adobe 10y ago Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker…
CVE-2016-4203 critical 9.8 10.0 EXP macos macos adobe 10y ago Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker…
CVE-2016-4201 critical 9.8 10.0 EXP macos macos adobe 10y ago Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker…
CVE-2016-5734 critical 9.8 10.0 EXPFIX debian debian phpmyadmin 10y ago phpMyAdmin Code Injection vulnerability
CVE-2016-5228 critical 9.8 10.0 EXP microfocus 10y ago Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers t…
CVE-2016-1606 critical 9.8 10.0 EXP microfocus 10y ago Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXS…
CVE-2016-0400 medium 6.1 7.1 EXP ibm 10y ago CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP hea…
CVE-2016-5304 medium 6.8 7.8 EXP symantec 10y ago Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites…
CVE-2016-3652 medium 5.4 6.4 EXP symantec 10y ago Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web s…
CVE-2016-3645 critical 9.8 10.0 EXP symantec 10y ago Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web …
CVE-2016-4138 critical 9.8 10.0 EXP sles rhelmacos macos adobe 10y ago Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack…
CVE-2016-3236 critical 9.8 10.0 EXP windows windows 10y ago The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT…
CVE-2016-3216 medium 4.3 5.3 EXP windows windows 10y ago GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gol…
CVE-2016-3670 medium 6.1 7.1 EXP liferay 10y ago Liferay Portal Vulnerable to XSS in Profile Search Functionality
CVE-2016-5108 critical 9.8 10.0 EXPFIX slesdebian debian videolan 10y ago Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute ar…
CVE-2016-3087 critical 9.8 10.0 EXP apache 10y ago Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
CVE-2016-2784 medium 4.7 5.7 EXP cmsmadesimple 10y ago CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS)…
CVE-2016-4578 medium 5.5 6.5 EXPFIX sles linux-kerneldebian debian 10y ago sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of…
CVE-2016-4071 critical 9.8 10.0 EXP slesmacos macos php 10y ago Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via for…
CVE-2016-1839 medium 5.5 6.5 EXPFIX slesdebian debian rhel mcafeexmlsoft 10y ago The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial o…
CVE-2016-1838 medium 5.5 6.5 EXPFIX debian debian rhelubuntu ubuntu mcafeexmlsoft 10y ago The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to…
CVE-2016-1807 medium 5.1 6.1 EXPFIX macos macos 10y ago Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel …
CVE-2016-2208 critical 9.1 10.0 EXP symantec 10y ago The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system …
CVE-2015-6835 critical 9.8 10.0 EXP php 10y ago The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or ca…
CVE-2015-6834 critical 9.8 10.0 EXP php 10y ago Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable…
CVE-2016-2298 critical 9.8 10.0 EXP meteocontrol 10y ago Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
CVE-2016-2296 critical 9.4 10.0 EXP meteocontrol 10y ago Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify dat…
CVE-2016-1209 critical 9.8 10.0 EXP ninjaforms 10y ago The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
CVE-2016-1077 critical 9.8 10.0 EXP macos macos adobe 10y ago Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attacker…
CVE-2016-0169 medium 6.5 7.5 EXP windows windows 10y ago GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attacke…
CVE-2016-0168 medium 6.5 7.5 EXP windows windows 10y ago GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attacke…
CVE-2016-3717 medium 5.5 6.5 EXPFIX debian debian rhelubuntu ubuntu imagemagick 10y ago The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
CVE-2016-2107 medium 5.9 6.9 EXPFIX sles rhelsuse suse opensslhpnodejs 10y ago The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleart…
CVE-2016-3140 medium 4.6 5.6 EXPFIX slesdebian debiansuse suse novell 10y ago The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s…
CVE-2016-3136 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and s…
CVE-2016-2188 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system c…
CVE-2016-3139 medium 4.6 5.6 EXPFIX slesdebian debiansuse suse novell 10y ago The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system cr…
CVE-2016-2782 medium 4.6 5.6 EXPFIX debian debiansuse suse linux-kernel suse 10y ago The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or…
CVE-2016-2384 medium 4.6 5.6 EXPFIX slesdebian debian linux-kernel 10y ago Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly …
CVE-2016-2184 medium 4.6 5.6 EXPFIX debian debiansuse suseubuntu ubuntu novell 10y ago The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL poin…
CVE-2015-7515 medium 4.6 5.6 EXPFIX debian debian linux-kernel 10y ago The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash…
CVE-2016-3074 critical 9.8 10.0 EXPFIX slesdebian debiansuse suse libgdphp 10y ago Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed g…
CVE-2016-1596 medium 5.4 6.4 EXP novell 10y ago Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, …
CVE-2016-1595 medium 6.5 7.5 EXP novell 10y ago LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection att…
CVE-2016-1594 medium 6.5 7.5 EXP novell 10y ago Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via …
CVE-2016-2004 critical 9.8 10.0 EXP hp 10y ago HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulner…
CVE-2016-2417 critical 9.8 10.0 EXP 10y ago media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows atta…
CVE-2016-4004 medium 4.9 5.9 EXP dell 10y ago Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file param…
CVE-2016-3987 critical 9.8 10.0 EXP trendmicro 10y ago The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
CVE-2016-1885 medium 6.2 7.2 EXP freebsd freebsd 10y ago Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service…
CVE-2015-8399 medium 4.3 5.3 EXP atlassian 10y ago Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdeco…
CVE-2015-8398 medium 6.1 7.1 EXP atlassian 10y ago Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.
CVE-2016-2385 critical 9.8 10.0 EXPFIX debian debian kamailio 10y ago Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memo…
CVE-2016-0784 medium 6.5 7.5 EXP apache 10y ago Apache OpenMeetings Directory Traversal vulnerability
CVE-2016-3984 medium 5.1 6.1 EXP mcafee 10y ago The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1,…
CVE-2016-3963 medium 5.3 6.3 EXP 10y ago Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443.
CVE-2016-2851 critical 9.8 10.0 EXPFIX slesdebian debiansuse suse cypherpunks 10y ago Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a s…
CVE-2016-2563 critical 9.8 10.0 EXPFIX slesdebian debian 9bissimon_tatham 10y ago Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute…
CVE-2016-3974 critical 9.1 10.0 EXP sap 10y ago XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access…
CVE-2016-1741 critical 9.8 10.0 EXP macos macos 10y ago The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) vi…
CVE-2016-3116 medium 6.4 7.4 EXPFIX debian debian dropbear_ssh_project 10y ago CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.
CVE-2016-3115 medium 6.4 7.4 EXPFIX slesdebian debian openbsd 10y ago Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, re…
CVE-2016-2345 critical 9.8 10.0 EXP dameware 10y ago Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string.
CVE-2016-0954 critical 9.8 10.0 EXP adobe 10y ago Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2016-0120 medium 6.5 7.5 EXP windows windows 10y ago The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and…
CVE-2016-2279 medium 6.1 7.1 EXP rockwellautomation 10y ago Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via …
CVE-2016-0800 medium 5.9 6.9 EXPFIX debian debian opensslpulsesecure 10y ago The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain p…
CVE-2016-1524 critical 9.6 10.0 EXP netgear 11y ago Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-…
CVE-2016-1287 critical 9.8 10.0 EXP 11y ago Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA Software before 8.4(7.30), 8.7 before 8.7(1.18), 9.0 before 9.0(4.38), 9.1 before 9.1(7), 9.2 before 9.2(4.5), 9.3 before 9.3(3.7),…
CVE-2016-0953 critical 9.8 10.0 EXP macos macos adobe 11y ago Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspeci…
CVE-2016-0952 critical 9.8 10.0 EXP macos macos adobe 11y ago Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspeci…
CVE-2016-0951 critical 9.8 10.0 EXP macos macos adobe 11y ago Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspeci…
CVE-2016-0049 medium 6.2 7.2 EXP windows windows 11y ago Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate passw…