Total
4422 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3860 | 1 Google | 1 Android | 2025-04-12 | 7.2 HIGH | N/A |
|
packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934.
|
|||||
| CVE-2016-9565 | 1 Nagios | 1 Nagios | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.
|
|||||
| CVE-2016-10105 | 1 Piwigo | 1 Piwigo | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
|
|||||
| CVE-2016-5386 | 4 Fedoraproject, Golang, Oracle and 1 more | 6 Fedora, Go, Linux and 3 more | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
|
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
|
|||||
| CVE-2016-4911 | 1 Keystone | 1 Openstack Identity | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
|
|||||
| CVE-2015-2509 | 1 Microsoft | 4 Windows 7, Windows 8, Windows 8.1 and 1 more | 2025-04-12 | 9.3 HIGH | N/A |
|
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability."
|
|||||
| CVE-2016-8633 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 6.2 MEDIUM | 6.8 MEDIUM |
|
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
|
|||||
| CVE-2016-9877 | 2 Broadcom, Pivotal Software | 2 Rabbitmq Server, Rabbitmq | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
|
|||||
| CVE-2016-3984 | 1 Mcafee | 7 Active Response, Agent, Data Exchange Layer and 4 more | 2025-04-12 | 3.6 LOW | 5.1 MEDIUM |
|
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P ...
Show More |
|||||
| CVE-2015-8361 | 1 Atlassian | 1 Bamboo | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.
|
|||||
| CVE-2016-0179 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Shell Remote Code Execution Vulnerability."
|
|||||
| CVE-2016-0142 | 1 Microsoft | 5 Windows 10, Windows 7, Windows 8.1 and 2 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code Execution Vulnerability."
|
|||||
| CVE-2016-1608 | 1 Novell | 1 Filr | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
|
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.
|
|||||
| CVE-2016-5599 | 1 Oracle | 1 Advanced Supply Chain Planning | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to MscObieeSrvlt.
|
|||||
| CVE-2016-6317 | 1 Rubyonrails | 1 Rails | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
|
|||||
| CVE-2016-5495 | 1 Oracle | 1 Discoverer | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to EUL Code & Schema.
|
|||||
| CVE-2014-8632 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.
|
|||||
| CVE-2016-2009 | 1 Hp | 1 Network Node Manager I | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
|
|||||
| CVE-2016-5393 | 1 Apache | 1 Hadoop | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.
|
|||||
| CVE-2016-6258 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-12 | 7.2 HIGH | 8.8 HIGH |
|
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
|
|||||
| CVE-2015-0297 | 1 Redhat | 1 Jboss Operations Network | 2025-04-12 | 9.0 HIGH | N/A |
|
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.
|
|||||
| CVE-2016-5963 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2015-7560 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.
|
|||||
| CVE-2016-1492 | 1 Lenovo | 1 Shareit | 2025-04-12 | 2.9 LOW | 6.1 MEDIUM |
|
The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
|
|||||
| CVE-2015-1985 | 1 Ibm | 1 Mq Appliance M2000 | 2025-04-12 | 1.9 LOW | 5.6 MEDIUM |
|
The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file.
|
|||||
| CVE-2014-8833 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
|
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query.
|
|||||
| CVE-2015-0675 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 8.3 HIGH | N/A |
|
The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069.
|
|||||
| CVE-2015-5960 | 1 Mozilla | 1 Firefox Os | 2025-04-12 | 1.9 LOW | N/A |
|
Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation.
|
|||||
| CVE-2015-7899 | 1 Joomla | 1 Joomla\! | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2016-5104 | 3 Canonical, Libimobiledevice, Opensuse | 5 Ubuntu Linux, Libimobiledevice, Libusbmuxd and 2 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket.
|
|||||
| CVE-2016-2989 | 1 Ibm | 1 Connections Portlets | 2025-04-12 | 5.8 MEDIUM | 6.5 MEDIUM |
|
Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2015-6366 | 1 Cisco | 1 Ios | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042.
|
|||||
| CVE-2015-1922 | 1 Ibm | 1 Db2 | 2025-04-12 | 3.5 LOW | N/A |
|
The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors.
|
|||||
| CVE-2016-2272 | 1 Eaton Lighting Systems | 1 Eg2 Web Control | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie.
|
|||||
| CVE-2014-9798 | 1 Google | 1 Android | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
|
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965.
|
|||||
| CVE-2016-0289 | 1 Ibm | 1 Maximo Asset Management | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors.
|
|||||
| CVE-2016-0088 | 1 Microsoft | 3 Windows 10, Windows 8.1, Windows Server 2012 | 2025-04-12 | 7.2 HIGH | 9.3 CRITICAL |
|
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability."
|
|||||
| CVE-2016-7040 | 1 Redhat | 1 Cloudforms Management Engine | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
|
Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections.
|
|||||
| CVE-2015-7055 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 9.3 HIGH | N/A |
|
AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
|
|||||
| CVE-2016-2243 | 3 Hp, Samsung, Zyxel | 30 1000 Series Firmware, 700 Series Firmware, 800 Series Firmware and 27 more | 2025-04-12 | 5.4 MEDIUM | 7.9 HIGH |
|
Sure Start on HP Commercial PCs 2015 allows local users to cause a denial of service (BIOS recovery failure) by leveraging administrative access.
|
|||||