Total
2619 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-0225 | 1 Ibm | 1 Websphere Commerce | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-5650 | 1 Zmodo | 2 Zp-ibh-13w, Zp-ne-14-s | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote attackers to trigger association with an arbitrary access point by using a recognized SSID value. | |||||
CVE-2014-9798 | 1 Google | 1 Android | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965. | |||||
CVE-2016-5189 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | |||||
CVE-2016-2159 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request. | |||||
CVE-2016-2874 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 3.5 LOW | 3.1 LOW |
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-5588 | 1 Oracle | 1 Outside In Technology | 2025-04-12 | 7.5 HIGH | 8.6 HIGH |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, and CVE-2016-5579. | |||||
CVE-2015-1151 | 1 Apple | 1 Os X Server | 2025-04-12 | 5.0 MEDIUM | N/A |
Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. | |||||
CVE-2016-5565 | 1 Oracle | 1 Hospitality Opera 5 Property Services | 2025-04-12 | 4.0 MEDIUM | 7.7 HIGH |
Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality via vectors related to OPERA. | |||||
CVE-2015-5826 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 4.3 MEDIUM | N/A |
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
CVE-2016-5192 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. | |||||
CVE-2015-7306 | 1 Drupaldise | 1 Cms Updater | 2025-04-12 | 4.9 MEDIUM | N/A |
The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration pages" permission. | |||||
CVE-2016-5954 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files. | |||||
CVE-2015-0141 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | 4.0 MEDIUM | N/A |
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request. | |||||
CVE-2014-8757 | 1 Lg | 1 On-screen Phone | 2025-04-12 | 8.3 HIGH | N/A |
LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to bypass authorization via a crafted request. | |||||
CVE-2015-0531 | 1 Emc | 1 Sourceone Email Management | 2025-04-12 | 5.0 MEDIUM | N/A |
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
CVE-2016-5577 | 1 Oracle | 1 Outside In Technology | 2025-04-12 | 7.5 HIGH | 8.6 HIGH |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588. | |||||
CVE-2016-9565 | 1 Nagios | 1 Nagios | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796. | |||||
CVE-2014-8912 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 5.0 MEDIUM | N/A |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information. | |||||
CVE-2014-6110 | 1 Ibm | 1 Security Identity Manager | 2025-04-12 | 2.1 LOW | N/A |
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. |