Total
60767 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7487 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2024-02-04 | 4.9 MEDIUM | 4.1 MEDIUM |
| IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow local users to obtain sensitive information by leveraging administrative privileges and reading log files. | |||||
| CVE-2015-6423 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-02-04 | 3.5 LOW | 4.3 MEDIUM |
| The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitrary network traffic, aka Bug ID CSCuu67782. | |||||
| CVE-2016-2862 | 1 Ibm | 1 Websphere Commerce | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-5797 | 1 Tollgrade | 1 Lighthouse Sms | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of attempts. | |||||
| CVE-2015-7795 | 1 Cybozu | 1 Office | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. | |||||
| CVE-2016-0659 | 1 Oracle | 1 Mysql | 2024-02-04 | 3.5 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Optimizer. | |||||
| CVE-2016-0190 | 1 Microsoft | 3 Windows 8.1, Windows Rt 8.1, Windows Server 2012 | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability." | |||||
| CVE-2015-7798 | 1 Cybozu | 1 Office | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150. | |||||
| CVE-2016-2271 | 1 Xen | 1 Xen | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. | |||||
| CVE-2016-5570 | 1 Oracle | 1 Applications Dba | 2024-02-04 | 5.5 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities. | |||||
| CVE-2015-8537 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. | |||||
| CVE-2016-5629 | 3 Mariadb, Oracle, Redhat | 8 Mariadb, Mysql, Enterprise Linux Desktop and 5 more | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. | |||||
| CVE-2016-2206 | 1 Symantec | 2 Workspace Streaming, Workspace Virtualization | 2024-02-04 | 3.3 LOW | 5.7 MEDIUM |
| The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file. | |||||
| CVE-2015-7555 | 2 Fedoraproject, Giflib Project | 2 Fedora, Giflib | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. | |||||
| CVE-2016-2159 | 1 Moodle | 1 Moodle | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request. | |||||
| CVE-2016-5398 | 1 Redhat | 1 Jboss Bpm Suite | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes. | |||||
| CVE-2016-4701 | 1 Apple | 1 Mac Os X | 2024-02-04 | 2.1 LOW | 6.2 MEDIUM |
| Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. | |||||
| CVE-2015-8473 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to read issues with related changesets from other projects. | |||||
| CVE-2016-3563 | 1 Oracle | 1 Enterprise Manager Base Platform | 2024-02-04 | 5.4 MEDIUM | 6.3 MEDIUM |
| Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-5604. | |||||
| CVE-2016-8279 | 1 Huawei | 7 Honor6, Honor6 Firmware, Honor6 Plus and 4 more | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
| The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application. | |||||