Latest CVE Feed
-
3.3
LOWCVE-2015-0858
Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory.... Read more
- Published: May. 06, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-0857
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.... Read more
- Published: May. 06, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-2062
The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect... Read more
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.0
HIGHCVE-2016-2059
The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not ver... Read more
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.4
HIGHCVE-2016-1392
Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121.... Read more
Affected Products : prime_collaboration_assurance- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-1387
The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute co... Read more
Affected Products : telepresence_tc_software- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
8.6
HIGHCVE-2016-1373
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 1... Read more
Affected Products : finesse- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-1369
The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource co... Read more
Affected Products : asa_with_firepower_services- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-1368
Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of se... Read more
Affected Products : firesight_system_software- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-4535
Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable.... Read more
Affected Products : livesafe- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
3.0
LOWCVE-2016-4534
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.... Read more
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-4351
SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more
Affected Products : email_encryption_gateway- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
5.9
MEDIUMCVE-2016-4008
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.... Read more
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-3718
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.... Read more
- Actively Exploited
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.1
HIGHCVE-2016-3717
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.... Read more
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-3716
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.... Read more
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
5.8
MEDIUMCVE-2016-3715
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.... Read more
- Actively Exploited
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2016-3714
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageT... Read more
- Actively Exploited
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2016-2168
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted heade... Read more
Affected Products : subversion- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2016-2167
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm stri... Read more
Affected Products : subversion- Published: May. 05, 2016
- Modified: Apr. 12, 2025