CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2016-9031 An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dea... | 7.8 | HIGH | — | 0 |
| CVE-2016-9032 An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when deal... | 7.0 | HIGH | — | 0 |
| CVE-2016-9033 An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when deal... | 7.0 | HIGH | — | 0 |
| CVE-2016-9034 An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when deal... | 7.0 | HIGH | — | 0 |
| CVE-2016-9035 An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when deal... | 7.0 | HIGH | — | 0 |
| CVE-2016-1000156 Mailcwp remote file upload vulnerability incomplete fix v1.100 | N/A | NONE | — | 0 |
| CVE-2016-4443 Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file. | N/A | NONE | — | 0 |
| CVE-2014-8241 XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052. | N/A | NONE | — | 0 |
| CVE-2016-3684 SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging kn... | N/A | NONE | — | 0 |
| CVE-2016-3685 SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration infor... | N/A | NONE | — | 0 |
| CVE-2015-8542 An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Cli... | N/A | NONE | — | 0 |
| CVE-2016-2840 An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the ... | N/A | NONE | — | 0 |
| CVE-2016-3173 An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. a... | N/A | NONE | — | 0 |
| CVE-2016-7885 Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks. | N/A | NONE | — | 0 |
| CVE-2016-3174 An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be prov... | N/A | NONE | — | 0 |
| CVE-2016-4026 An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such ca... | N/A | NONE | — | 0 |
| CVE-2016-4027 An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality... | N/A | NONE | — | 0 |
| CVE-2016-4028 An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle ... | N/A | NONE | — | 0 |
| CVE-2016-4045 An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader o... | N/A | NONE | — | 0 |
| CVE-2016-4046 An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the... | N/A | NONE | — | 0 |
| CVE-2016-4047 An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those res... | N/A | NONE | — | 0 |
| CVE-2016-4048 An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can b... | N/A | NONE | — | 0 |
| CVE-2016-5124 An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context o... | N/A | NONE | — | 0 |
| CVE-2016-5740 An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's lo... | N/A | NONE | — | 0 |
| CVE-2016-6842 An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents setti... | N/A | NONE | — | 0 |
| CVE-2016-6843 An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the contex... | N/A | NONE | — | 0 |
| CVE-2016-6844 An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" t... | N/A | NONE | — | 0 |
| CVE-2016-6845 An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. Thi... | N/A | NONE | — | 0 |
| CVE-2016-6847 An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when cal... | N/A | NONE | — | 0 |
| CVE-2016-6848 An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious ... | N/A | NONE | — | 0 |
| CVE-2016-6850 An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get execu... | N/A | NONE | — | 0 |
| CVE-2016-6851 An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks agai... | N/A | NONE | — | 0 |
| CVE-2016-6852 An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exi... | N/A | NONE | — | 0 |
| CVE-2016-6853 An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on u... | N/A | NONE | — | 0 |
| CVE-2016-6854 An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code... | N/A | NONE | — | 0 |
| CVE-2016-6933 Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks. | N/A | NONE | — | 0 |
| CVE-2016-6934 Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks. | N/A | NONE | — | 0 |
| CVE-2016-7856 Adobe DNG Converter versions 9.7 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | N/A | NONE | — | 0 |
| CVE-2016-7866 Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | N/A | NONE | — | 0 |
| CVE-2016-7867 Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Succe... | 8.8 | HIGH | — | 0 |
| CVE-2016-8814 All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, l... | N/A | NONE | — | 0 |
| CVE-2016-7868 Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Suc... | 8.8 | HIGH | — | 0 |
| CVE-2016-7869 Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality... | 8.8 | HIGH | — | 0 |
| CVE-2016-7870 Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successfu... | 8.8 | HIGH | — | 0 |
| CVE-2016-7871 Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary co... | 8.8 | HIGH | — | 0 |
| CVE-2016-7872 Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels.... | 8.8 | HIGH | — | 0 |
| CVE-2016-8815 All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used withou... | N/A | NONE | — | 0 |
| CVE-2016-7873 Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method. Successful... | 8.8 | HIGH | — | 0 |
| CVE-2016-7874 Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful ex... | 8.8 | HIGH | — | 0 |
| CVE-2016-7875 Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.