Vulnerabilities (CVE)

Filtered by CWE-284
Total 2619 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0225 1 Ibm 1 Websphere Commerce 2025-04-12 4.0 MEDIUM 4.9 MEDIUM
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors.
CVE-2016-5650 1 Zmodo 2 Zp-ibh-13w, Zp-ne-14-s 2025-04-12 5.0 MEDIUM 7.5 HIGH
ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote attackers to trigger association with an arbitrary access point by using a recognized SSID value.
CVE-2014-9798 1 Google 1 Android 2025-04-12 7.1 HIGH 5.5 MEDIUM
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965.
CVE-2016-5189 1 Google 1 Chrome 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
CVE-2016-2159 1 Moodle 1 Moodle 2025-04-12 4.0 MEDIUM 4.3 MEDIUM
The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.
CVE-2016-2874 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 3.5 LOW 3.1 LOW
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2016-5588 1 Oracle 1 Outside In Technology 2025-04-12 7.5 HIGH 8.6 HIGH
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, and CVE-2016-5579.
CVE-2015-1151 1 Apple 1 Os X Server 2025-04-12 5.0 MEDIUM N/A
Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client.
CVE-2016-5565 1 Oracle 1 Hospitality Opera 5 Property Services 2025-04-12 4.0 MEDIUM 7.7 HIGH
Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality via vectors related to OPERA.
CVE-2015-5826 1 Apple 2 Iphone Os, Safari 2025-04-12 4.3 MEDIUM N/A
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2016-5192 1 Google 1 Chrome 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
CVE-2015-7306 1 Drupaldise 1 Cms Updater 2025-04-12 4.9 MEDIUM N/A
The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration pages" permission.
CVE-2016-5954 1 Ibm 1 Websphere Portal 2025-04-12 4.0 MEDIUM 6.5 MEDIUM
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files.
CVE-2015-0141 1 Ibm 1 Openpages Grc Platform 2025-04-12 4.0 MEDIUM N/A
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request.
CVE-2014-8757 1 Lg 1 On-screen Phone 2025-04-12 8.3 HIGH N/A
LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request.
CVE-2015-0531 1 Emc 1 Sourceone Email Management 2025-04-12 5.0 MEDIUM N/A
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2016-5577 1 Oracle 1 Outside In Technology 2025-04-12 7.5 HIGH 8.6 HIGH
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588.
CVE-2016-9565 1 Nagios 1 Nagios 2025-04-12 7.5 HIGH 9.8 CRITICAL
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796.
CVE-2014-8912 1 Ibm 1 Websphere Portal 2025-04-12 5.0 MEDIUM N/A
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information.
CVE-2014-6110 1 Ibm 1 Security Identity Manager 2025-04-12 2.1 LOW N/A
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation.