Total
407 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8398 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705. | |||||
| CVE-2016-5933 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-20 | 4.9 MEDIUM | 4.6 MEDIUM |
| IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223. | |||||
| CVE-2014-9634 | 2 Apache, Jenkins | 2 Tomcat, Jenkins | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session. | |||||
| CVE-2016-9868 | 1 Emc | 1 Scaleio | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot. | |||||
| CVE-2015-7837 | 1 Redhat | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server Aus and 3 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. | |||||
| CVE-2016-10224 | 1 Sauter-controls | 1 Novaweb Web Hmi | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. | |||||
| CVE-2016-8911 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | |||||
| CVE-2016-4689 | 1 Apple | 1 Iphone Os | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate. | |||||
| CVE-2016-10336 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. | |||||
| CVE-2015-7331 | 1 Puppetlabs | 1 Mcollective-puppet-agent | 2025-04-20 | 4.9 MEDIUM | 6.6 MEDIUM |
| The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument. | |||||
| CVE-2015-7269 | 1 Seagate | 2 St500lt015, St500lt015 Firmware | 2025-04-20 | 1.9 LOW | 4.2 MEDIUM |
| Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack." | |||||
| CVE-2016-4721 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification. | |||||
| CVE-2016-7601 | 1 Apple | 1 Iphone Os | 2025-04-20 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible. | |||||
| CVE-2016-8508 | 1 Yandex | 1 Yandex Browser | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site. | |||||
| CVE-2017-11818 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2025-04-20 | 4.4 MEDIUM | 4.5 MEDIUM |
| The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability". | |||||
| CVE-2016-10178 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command. | |||||
| CVE-2016-5057 | 1 Osram | 1 Lightify Pro | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning. | |||||
| CVE-2010-1776 | 1 Apple | 1 Iphone Os | 2025-04-20 | 4.9 MEDIUM | 4.8 MEDIUM |
| Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device. | |||||
| CVE-2016-5196 | 1 Google | 1 Chrome | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page. | |||||
| CVE-2016-6582 | 1 Doorkeeper Project | 1 Doorkeeper | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification. | |||||