Total
309400 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8383 | 1 Marklogic | 1 Marklogic | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious doc file to trigger this vulnerability. | |||||
| CVE-2016-8382 | 1 Marklogic | 1 Marklogic | 2024-11-21 | 6.8 MEDIUM | 8.3 HIGH |
| An exploitable heap corruption vulnerability exists in the Doc_SetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious doc file to trigger this vulnerability. | |||||
| CVE-2016-8380 | 1 Phoenixcontact | 2 Ilc Plcs, Ilc Plcs Firmware | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. | |||||
| CVE-2016-8371 | 1 Phoenixcontact | 2 Ilc Plcs, Ilc Plcs Firmware | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. | |||||
| CVE-2016-8366 | 1 Phoenixcontact | 2 Ilc Plcs, Ilc Plcs Firmware | 2024-11-21 | 5.0 MEDIUM | 7.3 HIGH |
| Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text. | |||||
| CVE-2016-8365 | 1 Osisoft | 4 Pi Af Client, Pi Buffer Subsystem, Pi Data Archive and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) | |||||
| CVE-2016-8220 | 1 Pivotal Software | 1 Gemfire | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. The application inadvertently exposed WAN replication credentials at a public route. | |||||
| CVE-2016-7576 | 1 Apple | 1 Iphone Os | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. | |||||
| CVE-2016-7550 | 1 Digium | 1 Asterisk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote). | |||||
| CVE-2016-7524 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2016-7523 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. | |||||
| CVE-2016-7475 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles. | |||||
| CVE-2016-7472 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request. | |||||
| CVE-2016-7443 | 1 Exponentcms | 1 Exponent Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." | |||||
| CVE-2016-7404 | 1 Openstack | 1 Magnum | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform. | |||||
| CVE-2016-7398 | 1 Php | 1 Ext-http | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests. | |||||
| CVE-2016-7394 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie. | |||||
| CVE-2016-7151 | 1 Capstone-engine | 1 Capstone | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c. | |||||
| CVE-2016-7078 | 1 Theforeman | 1 Foreman | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion. | |||||
| CVE-2016-7077 | 1 Theforeman | 1 Foreman | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6. | |||||