Total
347752 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10393 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a clip with large size values, integer arithmetic overflows, and allocated buffer size will be less than intended buffer size. The following buffer operations will overflow the allocated buffer. | |||||
| CVE-2016-10299 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244. | |||||
| CVE-2016-10298 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252. | |||||
| CVE-2016-10258 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-11-21 | 6.0 MEDIUM | 6.8 MEDIUM |
| Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. | |||||
| CVE-2016-10257 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. | |||||
| CVE-2016-10256 | 1 Broadcom | 1 Symantec Proxysg | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257. | |||||
| CVE-2016-10245 | 1 Doxygen | 1 Doxygen | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection. | |||||
| CVE-2016-10236 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418. | |||||
| CVE-2016-10235 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409. | |||||
| CVE-2016-10234 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060. | |||||
| CVE-2016-10233 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452. | |||||
| CVE-2016-10232 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872. | |||||
| CVE-2016-10231 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799. | |||||
| CVE-2016-10230 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408. | |||||
| CVE-2016-10036 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. | |||||
| CVE-2016-10008 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. | |||||
| CVE-2016-10007 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. | |||||
| CVE-2016-1000282 | 1 Haraka Project | 1 Haraka | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection. | |||||
| CVE-2016-1000271 | 1 Dthdevelopment | 1 Dt Register | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server. | |||||
| CVE-2016-1000237 | 1 Apostrophecms | 1 Sanitize-html | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| sanitize-html before 1.4.3 has XSS. | |||||