CVE List - 2016 / February
Showing 201 - 300 of 380 CVEs for February 2016 (Page 3 of 4)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2016-0701 | 2016-02-15 | The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers... |
| CVE-2015-2005 | 2016-02-15 | IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.5 Patch 6 does not properly expire sessions, which allows remote attackers to obtain sensitive information by... |
| CVE-2015-2008 | 2016-02-15 | IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information... |
| CVE-2015-4956 | 2016-02-15 | The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors. |
| CVE-2015-4957 | 2016-02-15 | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML... |
| CVE-2015-4991 | 2016-02-15 | IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps,... |
| CVE-2015-5010 | 2016-02-15 | IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which... |
| CVE-2015-5012 | 2016-02-15 | The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set... |
| CVE-2015-5042 | 2016-02-15 | IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code... |
| CVE-2015-5050 | 2016-02-15 | Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows... |
| CVE-2015-7398 | 2016-02-15 | Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote... |
| CVE-2015-7408 | 2016-02-15 | The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x before 7.1.4 does not properly restrict use of the ASNODENAME option, which allows... |
| CVE-2015-7444 | 2016-02-15 | The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors. |
| CVE-2015-7472 | 2016-02-15 | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injection... |
| CVE-2015-7492 | 2016-02-15 | Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated users to... |
| CVE-2015-8531 | 2016-02-15 | Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2015-8795 | 2016-02-15 | Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled... |
| CVE-2015-8796 | 2016-02-15 | Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL. |
| CVE-2015-8797 | 2016-02-15 | Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2016-2231 | 2016-02-15 | The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size,... |
| CVE-2016-2314 | 2016-02-15 | GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command... |
| CVE-2016-0742 | 2016-02-15 | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP... |
| CVE-2016-0746 | 2016-02-15 | Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified... |
| CVE-2016-0747 | 2016-02-15 | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption)... |
| CVE-2016-0231 | 2016-02-15 | IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading exception details... |
| CVE-2016-0232 | 2016-02-15 | IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files. |
| CVE-2016-1321 | 2016-02-15 | Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive... |
| CVE-2016-1330 | 2016-02-15 | Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote attackers to cause a denial of service (device reload) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuy27746. |
| CVE-2016-1331 | 2016-02-15 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766. |
| CVE-2015-7576 | 2016-02-16 | The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before... |
| CVE-2015-7577 | 2016-02-16 | activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a... |
| CVE-2015-7578 | 2016-02-16 | Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag... |
| CVE-2015-7579 | 2016-02-16 | Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity... |
| CVE-2015-7580 | 2016-02-16 | Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2015-7581 | 2016-02-16 | actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous caching and memory consumption) by... |
| CVE-2016-0751 | 2016-02-16 | actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME... |
| CVE-2016-0753 | 2016-02-16 | Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to... |
| CVE-2016-0752 | 2016-02-16 | Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary... |
| CVE-2016-2387 | 2016-02-16 | Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns... |
| CVE-2016-2389 | 2016-02-16 | Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a... |
| CVE-2016-2386 | 2016-02-16 | SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. |
| CVE-2016-2388 | 2016-02-16 | The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. |
| CVE-2015-7795 | 2016-02-17 | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798,... |
| CVE-2015-7796 | 2016-02-17 | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798,... |
| CVE-2015-7797 | 2016-02-17 | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798,... |
| CVE-2015-7798 | 2016-02-17 | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797,... |
| CVE-2015-8483 | 2016-02-17 | Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. |
| CVE-2015-8484 | 2016-02-17 | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152. |
| CVE-2015-8485 | 2016-02-17 | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152. |
| CVE-2015-8486 | 2016-02-17 | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152. |
| CVE-2015-8487 | 2016-02-17 | Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. |
| CVE-2015-8488 | 2016-02-17 | Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487. |
| CVE-2015-8489 | 2016-02-17 | customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153. |
| CVE-2016-1149 | 2016-02-17 | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797,... |
| CVE-2016-1150 | 2016-02-17 | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797,... |
| CVE-2016-1151 | 2016-02-17 | Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. |
| CVE-2016-1152 | 2016-02-17 | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485,... |
| CVE-2016-1153 | 2016-02-17 | customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489. |
| CVE-2013-7447 | 2016-02-17 | Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause... |
| CVE-2016-0766 | 2016-02-17 | PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which... |
| CVE-2016-0773 | 2016-02-17 | PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow... |
| CVE-2016-2046 | 2016-02-17 | Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. |
| CVE-2016-2071 | 2016-02-17 | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges... |
| CVE-2016-2072 | 2016-02-17 | The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1... |
| CVE-2016-2396 | 2016-02-17 | The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via... |
| CVE-2016-2397 | 2016-02-17 | The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted... |
| CVE-2016-1333 | 2016-02-17 | Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE... |
| CVE-2016-1334 | 2016-02-17 | Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457. |
| CVE-2016-2398 | 2016-02-17 | Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions. |
| CVE-2015-8286 | 2016-02-18 | Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000. |
| CVE-2015-8287 | 2016-02-18 | Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM devices with firmware through 1022 allow remote attackers to watch live video by visiting an unspecified URL. |
| CVE-2015-7547 | 2016-02-18 | Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers... |
| CVE-2016-0794 | 2016-02-18 | The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document. |
| CVE-2016-0795 | 2016-02-18 | LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document. |
| CVE-2015-5970 | 2016-02-18 | The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query... |
| CVE-2015-8148 | 2016-02-18 | The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request. |
| CVE-2015-8149 | 2016-02-18 | The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests. |
| CVE-2015-8150 | 2016-02-18 | Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file. |
| CVE-2015-8151 | 2016-02-18 | Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access. |
| CVE-2016-0068 | 2016-02-18 | Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069. |
| CVE-2016-0069 | 2016-02-18 | Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068. |
| CVE-2016-1987 | 2016-02-18 | HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets. |
| CVE-2016-2509 | 2016-02-18 | The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the... |
| CVE-2016-2270 | 2016-02-19 | Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. |
| CVE-2016-2271 | 2016-02-19 | VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to... |
| CVE-2015-7769 | 2016-02-19 | baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. |
| CVE-2016-1154 | 2016-02-19 | SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2016-1156 | 2016-02-19 | LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that... |
| CVE-2016-1335 | 2016-02-19 | The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges... |
| CVE-2016-1927 | 2016-02-20 | The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers... |
| CVE-2016-2038 | 2016-02-20 | phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error... |
| CVE-2016-2039 | 2016-02-20 | libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by... |
| CVE-2016-2040 | 2016-02-20 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a... |
| CVE-2016-2041 | 2016-02-20 | libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers... |
| CVE-2016-2042 | 2016-02-20 | phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path... |
| CVE-2016-2043 | 2016-02-20 | Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML... |
| CVE-2016-2044 | 2016-02-20 | libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. |
| CVE-2016-2045 | 2016-02-20 | Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers... |
| CVE-2016-1628 | 2016-02-21 | pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a... |
| CVE-2016-2275 | 2016-02-21 | The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote... |