Total
407 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4500 | 1 Moxa | 2 Uc-7408 Lx-plus, Uc-7408 Lx-plus Firmware | 2025-04-12 | 4.9 MEDIUM | 5.8 MEDIUM |
| Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access. | |||||
| CVE-2016-6708 | 1 Google | 1 Android | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or security setting modifications. Android ID: A-30693465. | |||||
| CVE-2016-5306 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445. | |||||
| CVE-2015-7193 | 1 Mozilla | 1 Firefox | 2025-04-12 | 7.5 HIGH | N/A |
| Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. | |||||
| CVE-2016-1296 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848. | |||||
| CVE-2015-8777 | 1 Gnu | 1 Glibc | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. | |||||
| CVE-2015-7576 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences. | |||||
| CVE-2016-1443 | 1 Cisco | 1 Amp Threat Grid Appliance | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample. | |||||
| CVE-2016-1927 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. | |||||
| CVE-2015-5856 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. | |||||
| CVE-2015-5759 | 1 Apple | 1 Iphone Os | 2025-04-12 | 5.0 MEDIUM | N/A |
| WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. | |||||
| CVE-2015-5904 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.3 MEDIUM | N/A |
| Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. | |||||
| CVE-2015-4640 | 2 Samsung, Swiftkey | 5 Galaxy S4, Galaxy S4 Mini, Galaxy S5 and 2 more | 2025-04-12 | 2.9 LOW | N/A |
| The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution. | |||||
| CVE-2016-4748 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.6 MEDIUM | 5.3 MEDIUM |
| Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | |||||
| CVE-2015-5900 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.1 HIGH | N/A |
| The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address. | |||||
| CVE-2016-0790 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. | |||||
| CVE-2016-5788 | 1 Ge | 4 Bently Nevada 3500\/22m Serial, Bently Nevada 3500\/22m Serial Firmware, Bently Nevada 3500\/22m Usb and 1 more | 2025-04-12 | 10.0 HIGH | 10.0 CRITICAL |
| General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. | |||||
| CVE-2015-5306 | 1 Openstack | 1 Ironic Inspector | 2025-04-12 | 6.8 MEDIUM | N/A |
| OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error. | |||||
| CVE-2016-1696 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Leap and 5 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2015-0005 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2008, Windows Server 2012 | 2025-04-12 | 4.3 MEDIUM | N/A |
| The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability." | |||||