Total
2886 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3120 | 1 Elasticsearch | 1 Elasticsearch | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine. | |||||
| CVE-2015-3911 | 1 Huawei | 2 E587 Mobile Wifi, E587 Mobile Wifi Firmware | 2025-04-12 | 9.0 HIGH | N/A |
| Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authentication, change configurations, send messages, and cause a denial of service (device restart) via unspecified vectors. | |||||
| CVE-2015-3155 | 1 Theforeman | 1 Foreman | 2025-04-12 | 5.0 MEDIUM | N/A |
| Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2016-4018 | 1 Sap | 1 Hana | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and conduct unspecified other attacks via unspecified vectors, aka SAP Security Note 2262742. | |||||
| CVE-2016-5273 | 1 Mozilla | 1 Firefox | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site. | |||||
| CVE-2015-6552 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors. | |||||
| CVE-2011-4600 | 2 Canonical, Redhat | 2 Ubuntu Linux, Libvirt | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| The networkReloadIptablesRules function in network/bridge_driver.c in libvirt before 0.9.9 does not properly handle firewall rules on bridge networks when libvirtd is restarted, which might allow remote attackers to bypass intended access restrictions via a (1) DNS or (2) DHCP query. | |||||
| CVE-2014-8631 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method. | |||||
| CVE-2016-9920 | 1 Roundcube | 1 Webmail | 2025-04-12 | 6.0 MEDIUM | 7.5 HIGH |
| steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. | |||||
| CVE-2015-6848 | 1 Emc | 1 Isilon Onefs | 2025-04-12 | 8.5 HIGH | N/A |
| EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors. | |||||
| CVE-2016-5383 | 1 Redhat | 1 Cloudforms | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters." | |||||
| CVE-2016-9111 | 1 Citrix | 1 Receiver Desktop | 2025-04-12 | 4.6 MEDIUM | 6.8 MEDIUM |
| Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us." | |||||
| CVE-2016-0318 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-12 | 6.0 MEDIUM | 5.0 MEDIUM |
| Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2015-3061 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. | |||||
| CVE-2015-2959 | 1 Zohocorp | 1 Manageengine Netflow Analyzer | 2025-04-12 | 7.5 HIGH | N/A |
| Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role. | |||||
| CVE-2015-5017 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password. | |||||
| CVE-2016-5393 | 1 Apache | 1 Hadoop | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. | |||||
| CVE-2015-6366 | 1 Cisco | 1 Ios | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042. | |||||
| CVE-2015-0531 | 1 Emc | 1 Sourceone Email Management | 2025-04-12 | 5.0 MEDIUM | N/A |
| EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2016-6701 | 1 Google | 1 Android | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of the gallery process. Android ID: A-30190637. | |||||