Total
2618 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8311 | 1 Oracle | 1 Flexcube Universal Banking | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.5 (Confidentiality impacts). | |||||
CVE-2016-6777 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777. | |||||
CVE-2016-8282 | 1 Oracle | 1 Flexcube Private Banking | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). | |||||
CVE-2016-10369 | 1 Lxterminal Project | 1 Lxterminal | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control). | |||||
CVE-2016-5217 | 1 Google | 1 Chrome | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
CVE-2015-3653 | 1 Arubanetworks | 1 Clearpass | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. | |||||
CVE-2016-8010 | 1 Mcafee | 2 Application Control, Endpoint Security | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility. | |||||
CVE-2015-9047 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. | |||||
CVE-2014-9827 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | |||||
CVE-2016-5206 | 1 Google | 1 Chrome | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. | |||||
CVE-2016-8643 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. | |||||
CVE-2016-6760 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783. | |||||
CVE-2016-8393 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31911920. | |||||
CVE-2016-2788 | 1 Puppet | 2 Marionette Collective, Puppet Enterprise | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. | |||||
CVE-2016-4908 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. | |||||
CVE-2015-9245 | 1 Progress | 1 Openedge | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. | |||||
CVE-2016-5058 | 1 Osram | 1 Lightify Pro | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. | |||||
CVE-2016-7408 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument. | |||||
CVE-2016-8792 | 1 Huawei | 6 Mate 8, Mate 8 Firmware, Mate S and 3 more | 2025-04-20 | 6.2 MEDIUM | 7.1 HIGH |
Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368, Versions before CRR-TL00C01B368, Versions before CRR-UL00C00B368, Versions before CRR-UL20C00B368; and P8 phones with software Versions before GRA-TL00C01B366, Versions before GRA-CL00C92B366, Versions before GRA-CL10C92B366, Versions before GRA-UL00C00B366, Versions before GRA-UL10C00B366 allow attackers with graphic or Camera privilege to crash the system or escalate privilege. | |||||
CVE-2016-5750 | 1 Netiq | 1 Access Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. |