Total
407 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2362 | 1 Microsoft | 4 Windows 8, Windows 8.1, Windows Server 2008 and 1 more | 2025-04-12 | 7.2 HIGH | N/A |
| Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data Structure Vulnerability." | |||||
| CVE-2015-7044 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.6 HIGH | N/A |
| The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges. | |||||
| CVE-2015-1601 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | 6.8 MEDIUM | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. | |||||
| CVE-2016-6629 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2015-3750 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 6.4 MEDIUM | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream. | |||||
| CVE-2016-2110 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security. | |||||
| CVE-2016-1696 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Leap and 5 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2015-5850 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
| AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. | |||||
| CVE-2015-7713 | 1 Openstack | 1 Nova | 2025-04-12 | 5.0 MEDIUM | N/A |
| OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. | |||||
| CVE-2016-3279 | 1 Microsoft | 9 Excel, Excel Rt, Office and 6 more | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka "Microsoft Office Remote Code Execution Vulnerability." | |||||
| CVE-2016-2115 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream. | |||||
| CVE-2015-8338 | 1 Xen | 1 Xen | 2025-04-12 | 7.2 HIGH | N/A |
| Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-3085 | 1 Apache | 1 Cloudstack | 2025-04-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin. | |||||
| CVE-2015-1793 | 2 Openssl, Oracle | 4 Openssl, Jd Edwards Enterpriseone Tools, Opus 10g Ethernet Switch Family and 1 more | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. | |||||
| CVE-2016-5525 | 1 Oracle | 1 Solaris Cluster | 2025-04-12 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files. | |||||
| CVE-2016-1927 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. | |||||
| CVE-2016-6493 | 1 Citrix | 2 Xenapp, Xendesktop | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. | |||||
| CVE-2015-5306 | 1 Openstack | 1 Ironic Inspector | 2025-04-12 | 6.8 MEDIUM | N/A |
| OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error. | |||||
| CVE-2016-1567 | 1 Tuxfamily | 1 Chrony | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | |||||
| CVE-2015-7863 | 1 Accelerite | 1 Radia Client Automation | 2025-04-12 | 5.0 MEDIUM | N/A |
| The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | |||||