Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2015-8230 Memory leak in Huawei eSpace 8950 IP phones with software before V200R003C00SPC300 allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of crafted A... | N/A | NONE | — | 0 |
| CVE-2015-8231 Huawei eSpace 7910 and 7950 IP phones with software before V200R002C00SPC800 allow remote attackers with established sessions to cause a denial of service (device restart) via unspecified packets. | N/A | NONE | — | 0 |
| CVE-2015-8335 Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading ... | N/A | NONE | — | 0 |
| CVE-2015-1779 The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. | 8.6 | HIGH | — | 0 |
| CVE-2015-4671 Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php. | N/A | NONE | — | 0 |
| CVE-2015-4703 Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname pa... | N/A | NONE | — | 0 |
| CVE-2015-5471 Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file para... | N/A | NONE | — | 0 |
| CVE-2015-7242 Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM f... | N/A | NONE | — | 0 |
| CVE-2015-7548 OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read a... | N/A | NONE | — | 0 |
| CVE-2015-8088 Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 befo... | N/A | NONE | — | 0 |
| CVE-2015-8098 F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors related... | N/A | NONE | — | 0 |
| CVE-2015-8672 The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attacker... | N/A | NONE | — | 0 |
| CVE-2015-8306 Buffer overflow in the HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230,... | N/A | NONE | — | 0 |
| CVE-2015-8337 The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, GRA-UL10 befor... | N/A | NONE | — | 0 |
| CVE-2015-8400 The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL. | N/A | NONE | — | 0 |
| CVE-2015-8603 Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to... | N/A | NONE | — | 0 |
| CVE-2015-8673 Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug accou... | N/A | NONE | — | 0 |
| CVE-2015-8659 The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. | N/A | NONE | — | 0 |
| CVE-2015-7393 dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3... | N/A | NONE | — | 0 |
| CVE-2015-7759 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attac... | N/A | NONE | — | 0 |
| CVE-2015-8611 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Manageme... | N/A | NONE | — | 0 |
| CVE-2015-8769 SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2016-1231 Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified pa... | N/A | NONE | — | 0 |
| CVE-2016-1232 The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof... | N/A | NONE | — | 0 |
| CVE-2016-1715 The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Wind... | N/A | NONE | — | 0 |
| CVE-2015-6117 Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) at... | N/A | NONE | — | 0 |
| CVE-2016-0002 The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted... | N/A | NONE | — | 0 |
| CVE-2016-0003 Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability." | N/A | NONE | — | 0 |
| CVE-2016-0005 Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability." | N/A | NONE | — | 0 |
| CVE-2016-0006 The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Wind... | N/A | NONE | — | 0 |
| CVE-2017-9254 The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a craf... | N/A | NONE | — | 0 |
| CVE-2016-0007 The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Wind... | N/A | NONE | — | 0 |
| CVE-2016-0008 The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 al... | N/A | NONE | — | 0 |
| CVE-2016-0009 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via unspecified vectors, aka "Win32k Remot... | N/A | NONE | — | 0 |
| CVE-2016-0010 Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for Ma... | N/A | NONE | — | 0 |
| CVE-2017-0825 An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002. | N/A | NONE | — | 0 |
| CVE-2016-0011 Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) at... | N/A | NONE | — | 0 |
| CVE-2016-0012 Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Exc... | N/A | NONE | — | 0 |
| CVE-2016-0014 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle... | N/A | NONE | — | 0 |
| CVE-2016-0015 DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attack... | N/A | NONE | — | 0 |
| CVE-2016-0016 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle... | N/A | NONE | — | 0 |
| CVE-2016-0018 Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka ... | N/A | NONE | — | 0 |
| CVE-2016-0019 The Remote Desktop Protocol (RDP) service implementation in Microsoft Windows 10 Gold and 1511 allows remote attackers to bypass intended access restrictions and establish sessions for blank-password ... | N/A | NONE | — | 0 |
| CVE-2016-0020 Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "MAPI DLL Loading E... | N/A | NONE | — | 0 |
| CVE-2016-0024 The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Scripting Engine Memory Corruption Vulnerability." | N/A | NONE | — | 0 |
| CVE-2016-0029 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange S... | 6.1 | MEDIUM | — | 0 |
| CVE-2016-0030 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script o... | 6.1 | MEDIUM | — | 0 |
| CVE-2016-0031 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange S... | 6.1 | MEDIUM | — | 0 |
| CVE-2016-0032 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to in... | 6.1 | MEDIUM | — | 0 |
| CVE-2016-0035 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers ... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.