Total
407 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3715 | 1 Apple | 1 Mac Os X | 2025-04-12 | 6.8 MEDIUM | N/A |
| The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library. | |||||
| CVE-2016-0832 | 1 Google | 1 Android | 2025-04-12 | 6.6 MEDIUM | 6.1 MEDIUM |
| Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042. | |||||
| CVE-2016-5155 | 2 Google, Opensuse | 2 Chrome, Leap | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site. | |||||
| CVE-2016-1862 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | 3.3 LOW |
| Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. | |||||
| CVE-2014-6174 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2016-1738 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app. | |||||
| CVE-2016-3085 | 1 Apache | 1 Cloudstack | 2025-04-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin. | |||||
| CVE-2016-3025 | 1 Ibm | 2 Security Access Manager, Security Access Manager For Mobile | 2025-04-12 | 5.0 MEDIUM | 8.1 HIGH |
| IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2015-6427 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437. | |||||
| CVE-2016-5162 | 2 Google, Opensuse | 2 Chrome, Leap | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160. | |||||
| CVE-2014-8779 | 1 Pexip | 1 Pexip Infinity | 2025-04-12 | 7.1 HIGH | N/A |
| Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys. | |||||
| CVE-2016-1140 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2015-8803 | 3 Canonical, Nettle Project, Opensuse | 4 Ubuntu Linux, Nettle, Leap and 1 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. | |||||
| CVE-2016-4451 | 1 Theforeman | 1 Foreman | 2025-04-12 | 6.0 MEDIUM | 5.0 MEDIUM |
| The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization. | |||||
| CVE-2016-4412 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 3.6 LOW | 4.4 MEDIUM |
| An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected. | |||||
| CVE-2015-1267 | 1 Google | 1 Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
| Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp. | |||||
| CVE-2016-8503 | 1 Yandex | 1 Yandex Browser | 2025-04-12 | 5.0 MEDIUM | 7.3 HIGH |
| Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | |||||
| CVE-2016-4603 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior. | |||||
| CVE-2015-6113 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 2.1 LOW | N/A |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass intended filesystem permissions by leveraging Low Integrity access, aka "Windows Kernel Security Feature Bypass Vulnerability." | |||||
| CVE-2016-3198 | 1 Microsoft | 1 Edge | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass." | |||||