Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-8956 |
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. Published: October 10, 2016; 6:59:04 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 3.6 LOW |
CVE-2015-8955 |
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. Published: October 10, 2016; 6:59:03 AM -0400 |
V3.1: 7.3 HIGH V2.0: 6.9 MEDIUM |
CVE-2015-8951 |
Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 30142668 and Qualcomm internal bug CR 948902. Published: October 10, 2016; 6:59:02 AM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2015-8950 |
arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call. Published: October 10, 2016; 6:59:01 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-0572 |
Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call. Published: October 10, 2016; 6:59:00 AM -0400 |
V3.1: 7.0 HIGH V2.0: 4.4 MEDIUM |
CVE-2016-1000007 |
Pagure 2.2.1 XSS in raw file endpoint Published: October 07, 2016; 2:59:02 PM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-1000003 |
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code. Published: October 07, 2016; 2:59:01 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-1000001 |
flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect Published: October 07, 2016; 2:59:00 PM -0400 |
V3.0: 7.4 HIGH V2.0: 5.8 MEDIUM |
CVE-2016-7777 |
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it. Published: October 07, 2016; 10:59:10 AM -0400 |
V3.0: 6.3 MEDIUM V2.0: 3.3 LOW |
CVE-2016-7424 |
The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 file. Published: October 07, 2016; 10:59:09 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-7167 |
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. Published: October 07, 2016; 10:59:08 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-7040 |
Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections. Published: October 07, 2016; 10:59:07 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2016-6323 |
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. Published: October 07, 2016; 10:59:06 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-6273 |
The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode. Published: October 07, 2016; 10:59:05 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-3699 |
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. Published: October 07, 2016; 10:59:03 AM -0400 |
V3.0: 7.4 HIGH V2.0: 6.9 MEDIUM |
CVE-2015-7363 |
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. Published: October 07, 2016; 10:59:02 AM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2015-5162 |
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image. Published: October 07, 2016; 10:59:01 AM -0400 |
V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2015-2080 |
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. Published: October 07, 2016; 10:59:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-1000217 |
Zotpress plugin for WordPress SQLi in zp_get_account() Published: October 06, 2016; 10:59:24 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-1000125 |
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Published: October 06, 2016; 10:59:23 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |