Total
2619 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1307 | 1 Kde | 1 Plasma-workspace | 2025-04-12 | 4.3 MEDIUM | N/A |
| plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package. | |||||
| CVE-2016-5589 | 1 Oracle | 1 Customer Relationship Management Technical Foundation | 2025-04-12 | 6.4 MEDIUM | 8.2 HIGH |
| Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-1117 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, and CVE-2016-1062. | |||||
| CVE-2015-3114 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-2960 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages. | |||||
| CVE-2016-4501 | 1 Envirosys | 1 Esc 8832 Data Controller | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors. | |||||
| CVE-2014-9901 | 1 Google | 1 Android | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. | |||||
| CVE-2016-0279 | 1 Ibm | 1 Domino | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301. | |||||
| CVE-2016-0222 | 1 Ibm | 8 Maximo Asset Management, Maximo For Government, Maximo For Life Sciences and 5 more | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. | |||||
| CVE-2016-0318 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-12 | 6.0 MEDIUM | 5.0 MEDIUM |
| Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2016-3105 | 2 Debian, Mercurial | 2 Debian Linux, Mercurial | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. | |||||
| CVE-2016-5497 | 1 Oracle | 1 Database | 2025-04-12 | 4.4 MEDIUM | 6.4 MEDIUM |
| Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2014-7193 | 1 Sideway | 1 Hapi Crumb | 2025-04-12 | 5.8 MEDIUM | N/A |
| The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site that is visited by an application consumer. | |||||
| CVE-2015-1464 | 2 Bestpractical, Fedoraproject | 2 Request Tracker, Fedora | 2025-04-12 | 6.4 MEDIUM | N/A |
| RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL. | |||||
| CVE-2016-9190 | 2 Debian, Python | 2 Debian Linux, Pillow | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. | |||||
| CVE-2016-4524 | 1 Abb | 1 Pcm600 | 2025-04-12 | 2.1 LOW | 6.5 MEDIUM |
| ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. | |||||
| CVE-2016-4963 | 1 Xen | 1 Xen | 2025-04-12 | 1.9 LOW | 4.7 MEDIUM |
| The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore. | |||||
| CVE-2015-1936 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 6.0 MEDIUM | N/A |
| The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter. | |||||
| CVE-2015-1115 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.4 MEDIUM | N/A |
| The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. | |||||
| CVE-2015-8512 | 1 Mozilla | 1 Firefox Os | 2025-04-12 | 2.1 LOW | 4.6 MEDIUM |
| The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering many passcode guesses. | |||||