Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6498 | 1 Alcatel-lucent | 1 Home Device Manager | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices.
|
|||||
| CVE-2016-6582 | 1 Doorkeeper Project | 1 Doorkeeper | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
|
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.
|
|||||
| CVE-2012-5010 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-20 | 4.8 MEDIUM | 8.1 HIGH |
|
ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x before 9.1.6 Interim, ASA 5555-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance ASA for Application Centric Infr ...
Show More |
|||||
| CVE-2016-7584 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using a matching team ID.
|
|||||
| CVE-2015-7973 | 5 Canonical, Freebsd, Netapp and 2 more | 9 Ubuntu Linux, Freebsd, Clustered Data Ontap and 6 more | 2025-04-20 | 5.8 MEDIUM | 6.5 MEDIUM |
|
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
|
|||||
| CVE-2016-9347 | 1 Emerson | 4 Se4801t0x Redundant Wireless I\/o Card, Se4801t0x Redundant Wireless I\/o Card Firmware, Se4801t1x Simplex Wireless I\/o Card and 1 more | 2025-04-20 | 5.4 MEDIUM | 5.0 MEDIUM |
|
An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily.
|
|||||
| CVE-2017-11818 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2025-04-20 | 4.4 MEDIUM | 4.5 MEDIUM |
|
The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability".
|
|||||
| CVE-2016-4689 | 1 Apple | 1 Iphone Os | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate.
|
|||||
| CVE-2016-10185 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf.
|
|||||
| CVE-2016-5933 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-20 | 4.9 MEDIUM | 4.6 MEDIUM |
|
IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.
|
|||||
| CVE-2016-7959 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | 1.9 LOW | 4.7 MEDIUM |
|
Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack.
|
|||||
| CVE-2016-4412 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 3.6 LOW | 4.4 MEDIUM |
|
An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected.
|
|||||
| CVE-2016-4474 | 1 Redhat | 1 Openstack | 2025-04-12 | 3.3 LOW | 8.8 HIGH |
|
The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.
|
|||||
| CVE-2014-8779 | 1 Pexip | 1 Pexip Infinity | 2025-04-12 | 7.1 HIGH | N/A |
|
Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.
|
|||||
| CVE-2015-8400 | 2 Fedoraproject, Shellinabox Project | 2 Fedora, Shellinabox | 2025-04-12 | 4.3 MEDIUM | 7.4 HIGH |
|
The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL.
|
|||||
| CVE-2015-6029 | 1 Hp | 1 Arcsight Logger | 2025-04-12 | 5.0 MEDIUM | N/A |
|
HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach.
|
|||||
| CVE-2015-7288 | 1 Csl Dualcom | 2 Gprs, Gprs Cs2300-r Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
|
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command.
|
|||||
| CVE-2016-4025 | 1 Avast | 11 Business Security, Email Server Security, Endpoint Protection and 8 more | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
|
Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Protection Suite v8.x.x, Endpoint Protection Suite Plus v8.x.x, File Server Security v8.x.x, and Email Server Security v8.x.x allow attackers to bypass the DeepScreen feature via a DeviceIoControl call.
|
|||||
| CVE-2016-0907 | 1 Emc | 2 Isilon Onefs, Isilonsd Edge Onefs | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.
|
|||||
| CVE-2015-0943 | 1 Basware | 1 Banking | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream.
|
|||||
| CVE-2016-1567 | 1 Tuxfamily | 1 Chrony | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
|
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
|
|||||
| CVE-2016-1296 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.
|
|||||
| CVE-2016-3353 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 5.1 MEDIUM | 8.3 HIGH |
|
Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file, aka "Internet Explorer Security Feature Bypass."
|
|||||
| CVE-2015-3755 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 4.3 MEDIUM | N/A |
|
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
|
|||||
| CVE-2015-1274 | 4 Debian, Google, Opensuse and 1 more | 6 Debian Linux, Chrome, Opensuse and 3 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted file and leveraging a user's previous "Always open files of this type" choice, related to download_commands.cc and download_prefs.cc.
|
|||||
| CVE-2016-2867 | 1 Ibm | 2 Infosphere Streams, Streams | 2025-04-12 | 6.9 MEDIUM | 7.0 HIGH |
|
IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.
|
|||||
| CVE-2016-4748 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.6 MEDIUM | 5.3 MEDIUM |
|
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable.
|
|||||
| CVE-2015-3715 | 1 Apple | 1 Mac Os X | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library.
|
|||||
| CVE-2016-1452 | 1 Cisco | 2 Asr 5000, Asr 5000 Software | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
|
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.
|
|||||
| CVE-2016-8503 | 1 Yandex | 1 Yandex Browser | 2025-04-12 | 5.0 MEDIUM | 7.3 HIGH |
|
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
|
|||||
| CVE-2016-0894 | 1 Emc | 1 Rsa Data Loss Prevention | 2025-04-12 | 6.5 MEDIUM | 6.3 MEDIUM |
|
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter.
|
|||||
| CVE-2015-1300 | 1 Google | 1 Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call.
|
|||||
| CVE-2015-8368 | 1 Ntop | 1 Ntopng | 2025-04-12 | 6.0 MEDIUM | N/A |
|
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
|
|||||
| CVE-2015-6427 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.
|
|||||
| CVE-2015-3756 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
|
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
|
|||||
| CVE-2016-1657 | 4 Debian, Google, Novell and 1 more | 4 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 1 more | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL.
|
|||||
| CVE-2016-2846 | 1 Siemens | 2 Simatic S7 1200 Cpu, Simatic S7 Cpu 1200 Firmware | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
|
Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors.
|
|||||
| CVE-2016-0829 | 1 Google | 1 Android | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109.
|
|||||
| CVE-2016-5788 | 1 Ge | 4 Bently Nevada 3500\/22m Serial, Bently Nevada 3500\/22m Serial Firmware, Bently Nevada 3500\/22m Usb and 1 more | 2025-04-12 | 10.0 HIGH | 10.0 CRITICAL |
|
General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors.
|
|||||
| CVE-2016-9865 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
|
|||||