Total
4422 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4215 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.
|
|||||
| CVE-2016-0906 | 1 Emc | 1 Avamar | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.
|
|||||
| CVE-2014-8827 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.1 LOW | N/A |
|
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen.
|
|||||
| CVE-2016-5482 | 1 Oracle | 1 Commerce Guided Search | 2025-04-12 | 5.8 MEDIUM | 8.2 HIGH |
|
Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.
|
|||||
| CVE-2016-1842 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
|
|||||
| CVE-2015-5247 | 2 Canonical, Redhat | 2 Ubuntu Linux, Libvirt | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
|
|||||
| CVE-2016-7226 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-12 | 3.6 LOW | 6.1 MEDIUM |
|
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
|
|||||
| CVE-2016-4369 | 1 Hp | 1 Discovery And Dependency Mapping Inventory | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
|
|||||
| CVE-2014-9388 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | 5.0 MEDIUM | N/A |
|
bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
|
|||||
| CVE-2015-7910 | 1 Exemys | 1 Telemetry Web Server | 2025-04-12 | 7.8 HIGH | N/A |
|
Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body.
|
|||||
| CVE-2016-9182 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controller=expHTMLEditor&action=preview&editor=ckeditor and controller=expHTMLEditor&action=Preview&editor=ckeditor. An anonymous user will be rejected fo ...
Show More |
|||||
| CVE-2015-6851 | 1 Rsa | 1 Securid Web Agent | 2025-04-12 | 7.2 HIGH | 6.7 MEDIUM |
|
EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.
|
|||||
| CVE-2015-7577 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.
|
|||||
| CVE-2015-4526 | 1 Emc | 1 Recoverpoint For Virtual Machines | 2025-04-12 | 7.2 HIGH | N/A |
|
EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface.
|
|||||
| CVE-2015-6675 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic.
|
|||||
| CVE-2014-9717 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 3.6 LOW | 6.1 MEDIUM |
|
fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.
|
|||||
| CVE-2016-5591 | 1 Oracle | 1 Customer Interaction History | 2025-04-12 | 6.4 MEDIUM | 8.2 HIGH |
|
Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5587 and CVE-2016-5593.
|
|||||
| CVE-2015-3116 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3125, and CVE-2015-5116.
|
|||||
| CVE-2016-7237 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
|
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."
|
|||||
| CVE-2016-5570 | 1 Oracle | 1 Applications Dba | 2025-04-12 | 5.5 MEDIUM | 6.5 MEDIUM |
|
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities.
|
|||||
| CVE-2016-1770 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL.
|
|||||
| CVE-2016-0278 | 1 Ibm | 1 Domino | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301.
|
|||||
| CVE-2015-1631 | 1 Microsoft | 1 Exchange Server | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability."
|
|||||
| CVE-2014-8757 | 1 Lg | 1 On-screen Phone | 2025-04-12 | 8.3 HIGH | N/A |
|
LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request.
|
|||||
| CVE-2016-3707 | 3 Linux, Novell, Redhat | 4 Linux Kernel-rt, Suse Linux Enterprise Real Time Extension, Enterprise Linux For Real Time and 1 more | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
|
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.
|
|||||
| CVE-2016-6150 | 1 Sap | 1 Hana | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.
|
|||||
| CVE-2015-4034 | 1 Samsung | 1 Galaxy S5 | 2025-04-12 | 7.9 HIGH | N/A |
|
The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object.
|
|||||
| CVE-2016-0208 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
|
IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors.
|
|||||
| CVE-2016-8281 | 1 Oracle | 1 Platform Security For Java | 2025-04-12 | 6.5 MEDIUM | 7.6 HIGH |
|
Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-5536.
|
|||||
| CVE-2016-8223 | 2 Lenovo, Microsoft | 2 System Interface Foundation, Windows 10 | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.
|
|||||
| CVE-2016-0757 | 1 Openstack | 1 Image Registry And Delivery Service \(glance\) | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.
|
|||||
| CVE-2016-9836 | 1 Joomla | 1 Joomla\! | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.
|
|||||
| CVE-2016-6802 | 1 Apache | 1 Shiro | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.
|
|||||
| CVE-2016-4551 | 1 Sap | 3 Netweaver, Sap Aba, Sap Basis | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.
|
|||||
| CVE-2016-4495 | 1 Kmc Controls | 2 Bac-5051e, Bac-5051e Firmware | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors.
|
|||||
| CVE-2015-7881 | 1 Colorbox Project | 1 Colorbox | 2025-04-12 | 3.5 LOW | N/A |
|
The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment.
|
|||||
| CVE-2016-3162 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | 6.5 MEDIUM | 8.1 HIGH |
|
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.
|
|||||
| CVE-2015-1920 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 10.0 HIGH | N/A |
|
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.
|
|||||
| CVE-2015-6933 | 1 Vmware | 4 Esxi, Fusion, Player and 1 more | 2025-04-12 | 6.5 MEDIUM | 6.3 MEDIUM |
|
The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors.
|
|||||
| CVE-2015-3115 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116.
|
|||||