Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40006 | 1 Huawei | 1 Harmonyos | 2026-02-24 | 2.1 LOW | 4.6 MEDIUM |
|
Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.
|
|||||
| CVE-2016-9900 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | 5.0 MEDIUM | 7.5 HIGH |
|
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
|
|||||
| CVE-2016-9895 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Thunderbird and 6 more | 2025-11-25 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
|
|||||
| CVE-2014-5414 | 1 Beckhoff | 2 Embedded Pc Images, Twincat | 2025-11-05 | 9.4 HIGH | 9.1 CRITICAL |
|
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
|
|||||
| CVE-2014-9196 | 1 Eaton | 1 Proview | 2025-09-05 | 7.6 HIGH | N/A |
|
Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
|
|||||
| CVE-2018-6336 | 1 Linuxfoundation | 1 Osquery | 2025-05-06 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7
|
|||||
| CVE-2016-7797 | 5 Clusterlabs, Opensuse, Opensuse Project and 2 more | 7 Pacemaker, Leap, Leap and 4 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
|
|||||
| CVE-2016-7630 | 1 Apple | 1 Iphone Os | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors.
|
|||||
| CVE-2016-8306 | 1 Oracle | 1 Flexcube Investor Servicing | 2025-04-20 | 5.5 MEDIUM | 5.4 MEDIUM |
|
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing ...
Show More |
|||||
| CVE-2015-6473 | 1 Wago | 4 750-849, 750-849 Firmware, 758-870 and 1 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
|
|||||
| CVE-2016-6594 | 1 Bluecoat | 3 Advanced Secure Gateway, Cacheflow, Proxysg | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning.
|
|||||
| CVE-2015-7837 | 1 Redhat | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server Aus and 3 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.
|
|||||
| CVE-2014-3150 | 1 Orange | 2 Livebox 1.1, Livebox 1.1 Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
|
Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript.
|
|||||
| CVE-2016-1551 | 2 Ntp, Ntpsec | 2 Ntp, Ntpsec | 2025-04-20 | 2.6 LOW | 3.7 LOW |
|
ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typic ...
Show More |
|||||
| CVE-2016-5057 | 1 Osram | 1 Lightify Pro | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.
|
|||||
| CVE-2016-8508 | 1 Yandex | 1 Yandex Browser | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site.
|
|||||
| CVE-2015-9065 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established.
|
|||||
| CVE-2015-6592 | 1 Huawei | 2 Uap2105, Uap2105 Firmware | 2025-04-20 | 7.2 HIGH | 6.8 MEDIUM |
|
Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.
|
|||||
| CVE-2016-1520 | 1 Grandstream | 1 Wave | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.
|
|||||
| CVE-2016-9885 | 1 Pivotal Software | 1 Gemfire For Pivotal Cloud Foundry | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidenti ...
Show More |
|||||
| CVE-2016-8314 | 1 Oracle | 1 Flexcube Core Banking | 2025-04-20 | 3.5 LOW | 3.1 LOW |
|
Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 3.1 (Conf ...
Show More |
|||||
| CVE-2015-0233 | 1 Fedoraproject | 1 389 Administration Server | 2025-04-20 | 4.6 MEDIUM | 4.2 MEDIUM |
|
Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38.
|
|||||
| CVE-2016-4721 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.
|
|||||
| CVE-2016-9470 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 9.3 HIGH | 9.0 CRITICAL |
|
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.
|
|||||
| CVE-2015-3170 | 1 Selinux Project | 1 Selinux | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
|
selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.
|
|||||
| CVE-2016-4890 | 1 Zohocorp | 1 Servicedesk Plus | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.
|
|||||
| CVE-2015-7843 | 1 Huawei | 10 Fusionserver Ch121 V3, Fusionserver Ch220 V3, Fusionserver Ch222 V3 and 7 more | 2025-04-20 | 4.0 MEDIUM | 8.8 HIGH |
|
The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001 ...
Show More |
|||||
| CVE-2016-3102 | 1 Jenkins | 1 Script Security | 2025-04-20 | 7.5 HIGH | 7.3 HIGH |
|
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.
|
|||||
| CVE-2016-10148 | 1 Wordpress | 1 Wordpress | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.
|
|||||
| CVE-2014-9635 | 2 Apache, Jenkins | 2 Tomcat, Jenkins | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.
|
|||||
| CVE-2016-10178 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.
|
|||||
| CVE-2016-8398 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705.
|
|||||
| CVE-2016-7541 | 1 Fortinet | 1 Fortios | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.
|
|||||
| CVE-2015-7267 | 2 Samsung, Seagate | 8 850 Pro, 850 Pro Firmware, Pm851 and 5 more | 2025-04-20 | 1.9 LOW | 4.2 MEDIUM |
|
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "H ...
Show More |
|||||
| CVE-2016-8768 | 1 Huawei | 6 Honor 6, Honor 6 Firmware, Honor 6 Plus and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.
|
|||||
| CVE-2016-3997 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | 6.8 MEDIUM | 7.5 HIGH |
|
NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state.
|
|||||
| CVE-2015-7268 | 2 Samsung, Seagate | 8 850 Pro, 850 Pro Firmware, Pm851 and 5 more | 2025-04-20 | 1.9 LOW | 4.2 MEDIUM |
|
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, a ...
Show More |
|||||
| CVE-2016-10321 | 1 Web2py | 1 Web2py | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
|
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.
|
|||||
| CVE-2010-1776 | 1 Apple | 1 Iphone Os | 2025-04-20 | 4.9 MEDIUM | 4.8 MEDIUM |
|
Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device.
|
|||||
| CVE-2016-8911 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
|
|||||