The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2015-8567 | Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | Medium | Apr 20, 2017 | n/a |
| CVE-2015-8619 | The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). | Medium | Apr 20, 2017 | n/a |
| CVE-2015-8957 | Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2015-8958 | coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2015-8959 | coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file. | HIGH | Apr 20, 2017 | n/a |
| CVE-2016-10327 | LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx. | HIGH | Apr 20, 2017 | n/a |
| CVE-2016-10328 | FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. | HIGH | Apr 20, 2017 | SR0640 (VxWorks 7) |
| CVE-2016-1132 | Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-1161 | Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-1178 | The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-1179 | Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-1213 | The Scheduler function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-1214 | Cross-site scripting (XSS) vulnerability in the Response request function in Cybozu Garoon before 4.2.2. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-1215 | Cross-site scripting (XSS) vulnerability in the User details function in Cybozu Garoon before 4.2.2. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-1216 | Cross-site scripting (XSS) vulnerability in the New appointment function in Cybozu Garoon before 4.2.2. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-1217 | Cross-site scripting (XSS) vulnerability in the Check available times function in Cybozu Garoon before 4.2.2. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-1218 | SQL injection vulnerability in Cybozu Garoon before 4.2.2. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-1219 | Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. | HIGH | Apr 20, 2017 | n/a |
| CVE-2016-1220 | Cybozu Garoon before 4.2.2 does not properly restrict access. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-2803 | Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-3106 | Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-3729 | The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-3731 | Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-3732 | The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-3733 | The restore teacher feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4075 | Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4293 | Multiple heap-based buffer overflows in the (1) CBookBase::SetDefTableStyle and (2) CBookBase::SetDefPivotStyle functions in Hancom Office 2014 VP allow remote attackers to execute arbitrary code via a crafted Hangul Hcell Document (.cell) file. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4459 | Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9. | HIGH | Apr 20, 2017 | n/a |
| CVE-2016-4650 | Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Apr 20, 2017 | n/a |
| CVE-2016-4818 | DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4842 | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4844 | Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4847 | Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4849 | Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4850 | LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4862 | Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4865 | Cross-site scripting (XSS) vulnerability in the Customapp function in Cybozu Office 9.0.0 through 10.4.0. | LOW | Apr 20, 2017 | n/a |
| CVE-2016-4866 | Cross-site scripting (XSS) vulnerability in the Project function in Cybozu Office 9.0.0 through 10.4.0. | LOW | Apr 20, 2017 | n/a |
| CVE-2016-4867 | The Project function in Cybozu 9.0.0 through 10.4.0 allows remote authenticated users to read closed project information. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4868 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject arbitrary email headers. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4869 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain session information from users. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4870 | Cross-site scripting (XSS) vulnerability in Schedule function in Cybozu Office 9.0.0 through 10.4.0. | LOW | Apr 20, 2017 | n/a |
| CVE-2016-4871 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4872 | The breadcrumb trail component in Cybozu Office 9.0.0 through 10.4.0 allows remote authenticated users to read the names of closed projects. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4873 | The Project function in Cybozu Office 9.0.0 through 10.4.0 does not properly check access permissions, which allows remote authenticated users to alter project information. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4874 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a reflected file download attack. | LOW | Apr 20, 2017 | n/a |
| CVE-2016-4891 | Cross-site request forgery (CSRF) vulnerability in SetucoCMS. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4893 | SQL injection vulnerability in SetucoCMS. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4894 | SetucoCMS allows remote attackers to cause a denial of service. | MEDIUM | Apr 20, 2017 | n/a |
| CVE-2016-4895 | SetucoCMS allows remote authenticated users to execute arbitrary code. | MEDIUM | Apr 20, 2017 | n/a |
