Total
3035 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5026 | 1 Onionshare | 1 Onionshare | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory. | |||||
| CVE-2016-5239 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2016-6768 | 1 Google | 1 Android | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31631842. | |||||
| CVE-2015-8275 | 1 Eparaksts | 2 Edoc-libraries, Eparakstitajs 3 | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files. | |||||
| CVE-2016-6777 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777. | |||||
| CVE-2016-6338 | 1 Redhat | 1 Enterprise Virtualization | 2025-04-20 | 4.6 MEDIUM | 6.8 MEDIUM |
| ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries. | |||||
| CVE-2016-7833 | 1 Cybozu | 1 Dezie | 2025-04-20 | 6.4 MEDIUM | 7.5 HIGH |
| Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | |||||
| CVE-2016-4910 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. | |||||
| CVE-2015-2692 | 1 Adblock | 1 Adblock | 2025-04-20 | 6.4 MEDIUM | 10.0 CRITICAL |
| AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters. | |||||
| CVE-2016-8007 | 1 Mcafee | 1 Host Intrusion Prevention Services | 2025-04-20 | 3.0 LOW | 6.3 MEDIUM |
| Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services (HIPS) 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions. | |||||
| CVE-2016-8606 | 2 Fedoraproject, Gnu | 2 Fedora, Guile | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. | |||||
| CVE-2016-6095 | 1 Ibm | 1 Security Key Lifecycle Manager | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | |||||
| CVE-2015-1976 | 1 Ibm | 2 Security Directory Server, Tivoli Directory Server | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. | |||||
| CVE-2014-9961 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | |||||
| CVE-2016-8274 | 1 Huawei | 1 Hisuite | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code. | |||||
| CVE-2016-3733 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. | |||||
| CVE-2016-8227 | 1 Lenovo | 1 Transition | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. | |||||
| CVE-2016-7794 | 1 Sociomantic | 1 Git-hub | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name. | |||||
| CVE-2015-4594 | 1 Eclinicalworks | 1 Population Health | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID. | |||||
| CVE-2015-8140 | 1 Ntp | 1 Ntp | 2025-04-20 | 5.8 MEDIUM | 4.8 MEDIUM |
| The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. | |||||