Total
4322 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8973 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 7.5 HIGH | 8.3 HIGH |
| xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password. | |||||
| CVE-2016-8311 | 1 Oracle | 1 Flexcube Universal Banking | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.5 (Confidentiality impacts). | |||||
| CVE-2016-4800 | 2 Eclipse, Microsoft | 2 Jetty, Windows | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes. | |||||
| CVE-2016-6763 | 1 Google | 1 Android | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31530456. | |||||
| CVE-2016-10026 | 1 Ikiwiki | 1 Ikiwiki | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made. | |||||
| CVE-2016-8915 | 1 Ibm | 1 Websphere Mq | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649. | |||||
| CVE-2016-6758 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30148882. References: QC-CR#1071731. | |||||
| CVE-2016-8588 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 6.0 MEDIUM | 7.3 HIGH |
| The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file. | |||||
| CVE-2016-9815 | 1 Xen | 1 Xen | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. | |||||
| CVE-2016-6255 | 2 Debian, Libupnp Project | 2 Debian Linux, Libupnp | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. | |||||
| CVE-2016-7793 | 1 Sociomantic | 1 Git-hub | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL. | |||||
| CVE-2012-4379 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element. | |||||
| CVE-2016-8642 | 1 Moodle | 1 Moodle | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. | |||||
| CVE-2016-6077 | 1 Ibm | 1 Cognos Disclosure Management | 2025-04-20 | 6.8 MEDIUM | 5.3 MEDIUM |
| IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584. | |||||
| CVE-2016-8584 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. | |||||
| CVE-2016-7824 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. | |||||
| CVE-2016-6807 | 1 Apache | 1 Ambari | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agent process. | |||||
| CVE-2016-9462 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions. | |||||
| CVE-2016-6779 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31386004. | |||||
| CVE-2016-7807 | 1 Iodata | 2 Wfs-sr01, Wfs-sr01 Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. | |||||