Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-0793 |
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters. Published: April 01, 2016; 3:59:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-1168 |
Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users. Published: April 01, 2016; 10:59:01 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-1167 |
Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. Published: April 01, 2016; 10:59:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-1345 |
Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726. Published: March 31, 2016; 8:59:00 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-3142 |
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. Published: March 31, 2016; 12:59:01 PM -0400 |
V3.0: 8.2 HIGH V2.0: 6.4 MEDIUM |
CVE-2016-3141 |
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. Published: March 31, 2016; 12:59:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2015-8837 |
Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long pathname in an ISO file. Published: March 30, 2016; 6:59:01 AM -0400 |
V3.0: 7.3 HIGH V2.0: 6.8 MEDIUM |
CVE-2015-8836 |
Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow. Published: March 30, 2016; 6:59:00 AM -0400 |
V3.0: 7.3 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-2288 |
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. Published: March 29, 2016; 11:59:01 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-1760 |
The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app. Published: March 29, 2016; 11:59:00 AM -0400 |
V3.0: 6.2 MEDIUM V2.0: 2.1 LOW |
CVE-2016-3679 |
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, as used in Google Chrome before 49.0.2623.108, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Published: March 29, 2016; 6:59:05 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-1650 |
The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/page_capture/page_capture_api.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document. Published: March 29, 2016; 6:59:04 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-1649 |
The Program::getUniformInternal function in Program.cpp in libANGLE, as used in Google Chrome before 49.0.2623.108, does not properly handle a certain data-type mismatch, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted shader stages. Published: March 29, 2016; 6:59:03 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-1648 |
Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code. Published: March 29, 2016; 6:59:02 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-1647 |
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Published: March 29, 2016; 6:59:01 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-1646 |
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. Published: March 29, 2016; 6:59:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-2344 |
Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks. Published: March 28, 2016; 7:59:02 PM -0400 |
V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2016-1314 |
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760. Published: March 28, 2016; 7:59:01 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 3.5 LOW |
CVE-2016-0226 |
The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file. Published: March 28, 2016; 7:59:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 6.9 MEDIUM |
CVE-2014-9769 |
pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset. Published: March 28, 2016; 12:59:00 PM -0400 |
V3.0: 7.3 HIGH V2.0: 7.5 HIGH |