Total
2804 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6848 | 1 Emc | 1 Isilon Onefs | 2025-04-12 | 8.5 HIGH | N/A |
| EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors. | |||||
| CVE-2015-1541 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | N/A |
| The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745. | |||||
| CVE-2016-5581 | 1 Oracle | 1 Irecruitment | 2025-04-12 | 4.6 MEDIUM | 6.6 MEDIUM |
| Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2016-6724 | 1 Google | 1 Android | 2025-04-12 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in the Input Manager Service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to cause the device to continually reboot. This issue is rated as Moderate because it is a temporary denial of service that requires a factory reset to fix. Android ID: A-30568284. | |||||
| CVE-2016-5578 | 1 Oracle | 1 Outside In Technology | 2025-04-12 | 7.5 HIGH | 8.6 HIGH |
| Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5579, and CVE-2016-5588. | |||||
| CVE-2016-4502 | 1 Envirosys | 1 Esc 8832 Data Controller | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. | |||||
| CVE-2015-2107 | 2 Hp, Sap | 2 Operations Manager I Management Pack, Netweaver | 2025-04-12 | 6.8 MEDIUM | N/A |
| HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. | |||||
| CVE-2016-4464 | 1 Apache | 1 Cxf Fediz | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature. | |||||
| CVE-2016-0170 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability." | |||||
| CVE-2016-1000156 | 1 Mailcwp Project | 1 Mailcwp | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Mailcwp remote file upload vulnerability incomplete fix v1.100 | |||||
| CVE-2016-1693 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Leap and 5 more | 2025-04-12 | 2.6 LOW | 5.3 MEDIUM |
| browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to spoof the chrome_cleanup_tool.exe (aka CCT) file via a man-in-the-middle attack on an HTTP session. | |||||
| CVE-2016-3274 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 2.6 LOW | 3.1 LOW |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | |||||
| CVE-2016-5601 | 1 Oracle | 1 Weblogic Server | 2025-04-12 | 3.3 LOW | 6.3 MEDIUM |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows local users to affect confidentiality and integrity via vectors related to CIE Related Components. | |||||
| CVE-2016-1699 | 6 Canonical, Debian, Google and 3 more | 9 Ubuntu Linux, Debian Linux, Chrome and 6 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL. | |||||
| CVE-2016-1581 | 1 Canonical | 2 Lxd, Ubuntu Linux | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors. | |||||
| CVE-2016-3728 | 1 Theforeman | 1 Foreman | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/. | |||||
| CVE-2015-7560 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. | |||||
| CVE-2015-5325 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 7.5 HIGH | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665. | |||||
| CVE-2016-3158 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2025-04-12 | 1.7 LOW | 3.8 LOW |
| The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. | |||||
| CVE-2016-8288 | 1 Oracle | 1 Mysql | 2025-04-12 | 4.9 MEDIUM | 3.1 LOW |
| Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. | |||||