Total
2574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8752 | 1 Apache | 1 Atlas | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. | |||||
| CVE-2016-6336 | 1 Mediawiki | 1 Mediawiki | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete. | |||||
| CVE-2016-10193 | 1 Espeak-ruby Project | 1 Espeak-ruby | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb. | |||||
| CVE-2016-5747 | 1 Novell | 1 Edirectory | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. | |||||
| CVE-2016-9817 | 1 Xen | 1 Xen | 2025-04-20 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. | |||||
| CVE-2016-8584 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. | |||||
| CVE-2016-8300 | 1 Oracle | 1 Flexcube Private Banking | 2025-04-20 | 3.5 LOW | 5.3 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts). | |||||
| CVE-2016-8307 | 1 Oracle | 1 Flexcube Universal Banking | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts). | |||||
| CVE-2014-9513 | 1 Debian | 1 Xbindkeys-config | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. | |||||
| CVE-2014-3929 | 1 Lg Project | 1 Lg | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys. | |||||
| CVE-2014-3928 | 1 Lg Project | 1 Lg | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials. | |||||
| CVE-2016-0214 | 1 Ibm | 1 Bigfix Platform | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file. | |||||
| CVE-2016-0320 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes. | |||||
| CVE-2015-0110 | 1 Ibm | 2 Business Process Manager, Websphere Application Server | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. | |||||
| CVE-2016-4908 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. | |||||
| CVE-2016-6791 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252384. References: QC-CR#1071809. | |||||
| CVE-2016-4850 | 1 Linecorp | 1 Line | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. | |||||
| CVE-2016-6782 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 9.3 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506. | |||||
| CVE-2016-2788 | 1 Puppet | 2 Marionette Collective, Puppet Enterprise | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. | |||||
| CVE-2016-5815 | 1 Schneider-electric | 6 Ion5000, Ion7300, Ion7500 and 3 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes. | |||||