Total
4321 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6782 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 9.3 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506. | |||||
| CVE-2016-9467 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. | |||||
| CVE-2016-9639 | 1 Saltstack | 1 Salt | 2025-04-20 | 7.5 HIGH | 9.1 CRITICAL |
| Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | |||||
| CVE-2016-8606 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. | |||||
| CVE-2016-6095 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | |||||
| CVE-2016-0320 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes. | |||||
| CVE-2014-8677 | 1 Soplanning | 1 Soplanning | 2025-04-20 | 3.5 LOW | 5.3 MEDIUM |
| The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name. | |||||
| CVE-2016-5058 | 1 Osram | 1 Lightify Pro | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. | |||||
| CVE-2016-9368 | 1 Eaton | 1 Xcomfort Ethernet Communication Interface | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating. | |||||
| CVE-2016-2930 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. | |||||
| CVE-2016-7801 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. | |||||
| CVE-2016-8793 | 1 Huawei | 6 Mate 8, Mate 8 Firmware, Mate S and 3 more | 2025-04-20 | 6.2 MEDIUM | 6.7 MEDIUM |
| Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | |||||
| CVE-2014-9513 | 1 Debian | 1 Xbindkeys-config | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. | |||||
| CVE-2014-9148 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur. | |||||
| CVE-2016-0768 | 1 Postgresql | 1 Postgresql | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. | |||||
| CVE-2016-6337 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights. | |||||
| CVE-2015-0104 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-8987 | 1 Mcafee | 1 Agent | 2025-04-20 | 3.5 LOW | 5.3 MEDIUM |
| Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server. | |||||
| CVE-2016-8304 | 1 Oracle | 1 Flexcube Universal Banking | 2025-04-20 | 4.9 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). | |||||
| CVE-2016-5026 | 1 Onionshare | 1 Onionshare | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory. | |||||