Latest CVE Feed
-
9.3
HIGHCVE-2016-0009
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via unspecified vectors, aka "Win32k Remote Code Execution Vulnerability."... Read more
- Published: Jan. 13, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0008
The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mec... Read more
Affected Products : windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_vista windows_8 windows_rt- Published: Jan. 13, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-0007
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which a... Read more
- Published: Jan. 13, 2016
- Modified: Apr. 12, 2025
-
7.3
HIGHCVE-2016-0006
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which a... Read more
- Published: Jan. 13, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0005
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability."... Read more
Affected Products : internet_explorer- Published: Jan. 13, 2016
- Modified: Apr. 12, 2025
-
9.6
CRITICALCVE-2016-0003
Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."... Read more
Affected Products : edge- Published: Jan. 13, 2016
- Modified: Apr. 12, 2025
-
7.6
HIGHCVE-2016-0002
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vuln... Read more
- Published: Jan. 13, 2016
- Modified: Apr. 12, 2025
-
6.1
MEDIUMCVE-2015-6117
Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint... Read more
- Published: Jan. 13, 2016
- Modified: Apr. 12, 2025
-
6.6
MEDIUMCVE-2016-1715
The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of s... Read more
- Published: Jan. 12, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-1232
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.... Read more
- Published: Jan. 12, 2016
- Modified: Apr. 12, 2025
-
5.9
MEDIUMCVE-2016-1231
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified path.... Read more
- Published: Jan. 12, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2015-8769
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.... Read more
Affected Products : joomla\!- Published: Jan. 12, 2016
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2015-8673
Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug account, which allows physically proximate attackers to chan... Read more
- Published: Jan. 12, 2016
- Modified: Apr. 12, 2025
-
5.3
MEDIUMCVE-2015-8672
The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outa... Read more
- Published: Jan. 12, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2015-8611
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers ... Read more
- Published: Jan. 12, 2016
- Modified: Apr. 12, 2025
-
8.2
HIGHCVE-2015-8397
The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash... Read more
- Published: Jan. 12, 2016
- Modified: Aug. 21, 2025
-
10.0
CRITICALCVE-2015-8396
Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image... Read more
- Published: Jan. 12, 2016
- Modified: Aug. 21, 2025
-
4.3
MEDIUMCVE-2015-7759
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service (Traffic Management M... Read more
- Published: Jan. 12, 2016
- Modified: Apr. 12, 2025
-
7.4
HIGHCVE-2015-7393
dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP ... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_global_traffic_manager big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_edge_gateway +10 more products- Published: Jan. 12, 2016
- Modified: Apr. 12, 2025