Total
2845 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6143 | 1 Sap | 1 Hana | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. | |||||
| CVE-2016-6779 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31386004. | |||||
| CVE-2016-1894 | 1 Netapp | 1 Oncommand Workflow Automation | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
| NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2016-9008 | 1 Ibm | 1 Urbancode Deploy | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. | |||||
| CVE-2015-1976 | 1 Ibm | 2 Security Directory Server, Tivoli Directory Server | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. | |||||
| CVE-2016-10334 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. | |||||
| CVE-2016-5714 | 1 Puppet | 2 Puppet Agent, Puppet Enterprise | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability." | |||||
| CVE-2016-5750 | 1 Netiq | 1 Access Manager | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. | |||||
| CVE-2015-3295 | 1 Markdown-it Project | 1 Markdown-it | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| markdown-it before 4.1.0 does not block data: URLs. | |||||
| CVE-2016-3733 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. | |||||
| CVE-2016-9356 | 1 Moxa | 1 Dacenter | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue. | |||||
| CVE-2016-1518 | 1 Grandstream | 1 Wave | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/. | |||||
| CVE-2016-6778 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31384646. | |||||
| CVE-2016-7833 | 1 Cybozu | 1 Dezie | 2025-04-20 | 6.4 MEDIUM | 7.5 HIGH |
| Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | |||||
| CVE-2014-8168 | 1 Redhat | 1 Satellite | 2025-04-20 | 4.6 MEDIUM | 6.1 MEDIUM |
| Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. | |||||
| CVE-2016-9413 | 1 Mybb | 2 Merge System, Mybb | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2016-9467 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. | |||||
| CVE-2016-8932 | 1 Ibm | 1 Kenexa Lms | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||
| CVE-2015-7895 | 1 Samsung | 2 Galaxy S6, Samsung Mobile | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||||
| CVE-2016-6255 | 2 Debian, Libupnp Project | 2 Debian Linux, Libupnp | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. | |||||