Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-1738 |
dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app. Published: March 23, 2016; 9:59:10 PM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-1737 |
Carbon in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dfont file. Published: March 23, 2016; 9:59:09 PM -0400 |
V3.0: 6.3 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2016-1736 |
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1735. Published: March 23, 2016; 9:59:08 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-1735 |
Bluetooth in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1736. Published: March 23, 2016; 9:59:08 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-1734 |
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device. Published: March 23, 2016; 9:59:07 PM -0400 |
V3.0: 6.8 MEDIUM V2.0: 7.2 HIGH |
CVE-2016-1733 |
AppleRAID in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Published: March 23, 2016; 9:59:06 PM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-1732 |
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. Published: March 23, 2016; 9:59:05 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2016-1599 |
Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Published: March 23, 2016; 9:59:04 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-7551 |
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. Published: March 23, 2016; 9:59:03 PM -0400 |
V3.0: 8.4 HIGH V2.0: 4.6 MEDIUM |
CVE-2015-6854 |
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. Published: March 23, 2016; 9:59:02 PM -0400 |
V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2015-6853 |
The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. Published: March 23, 2016; 9:59:01 PM -0400 |
V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2009-2197 |
Apple Safari before 9.1 allows remote attackers to spoof the user interface via a web page that places text in a crafted context, leading to unintended use of that text within a Safari dialog. Published: March 23, 2016; 9:59:00 PM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-3116 |
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. Published: March 22, 2016; 6:59:03 AM -0400 |
V3.0: 6.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2016-3115 |
Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. Published: March 22, 2016; 6:59:02 AM -0400 |
V3.0: 6.4 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2016-1998 |
HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. Published: March 22, 2016; 6:59:01 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2016-1997 |
HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. Published: March 22, 2016; 6:59:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2015-7454 |
Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. Published: March 21, 2016; 10:59:00 AM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-2245 |
HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors. Published: March 19, 2016; 11:59:01 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2016-0283 |
Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Published: March 19, 2016; 11:59:00 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-2287 |
Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: March 19, 2016; 6:59:01 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |