| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. |
| The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified vectors. |
| IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors. |
| libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. |
| D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. |
| The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion. |
| Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager. |
| time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response. |
| Remote file download vulnerability in wptf-image-gallery v1.03 |
| Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 |
| Remote file download in simple-image-manipulator v1.0 wordpress plugin |
| The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745. |
| Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability." |
| Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Execution Vulnerability." |
| The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request. |
| Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability." |
| Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka "Hyper-V Security Feature Bypass Vulnerability." |
| Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. |
| Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. |
| Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3125, and CVE-2015-5116. |
