Total
2895 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0153 | 1 Microsoft | 6 Windows 7, Windows 8.1, Windows Rt 8.1 and 3 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability." | |||||
| CVE-2015-0694 | 1 Cisco | 7 Asr 9001, Asr 9006, Asr 9010 and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. | |||||
| CVE-2016-5532 | 1 Oracle | 1 Shipping Execution | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Shipping Execution component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Workflow Events. | |||||
| CVE-2016-9182 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controller=expHTMLEditor&action=preview&editor=ckeditor and controller=expHTMLEditor&action=Preview&editor=ckeditor. An anonymous user will be rejected for the former but can access the latter. | |||||
| CVE-2016-5943 | 1 Ibm | 1 Spectrum Control | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors. | |||||
| CVE-2016-5585 | 1 Oracle | 1 Interaction Center Intelligence | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Interaction Center Intelligence component in Oracle E-Business Suite 12.1.1 through 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-8292 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Talent Acquisition Manager | 2025-04-12 | 5.8 MEDIUM | 4.2 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Talent Acquisition Manager. | |||||
| CVE-2016-5482 | 1 Oracle | 1 Commerce Guided Search | 2025-04-12 | 5.8 MEDIUM | 8.2 HIGH |
| Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-1866 | 2 Opensuse, Saltstack | 2 Leap, Salt | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream. | |||||
| CVE-2014-6625 | 1 Arubanetworks | 1 Clearpass | 2025-04-12 | 9.0 HIGH | N/A |
| The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2016-8222 | 1 Lenovo | 148 Thinkpad 10 Ella 2, Thinkpad 10 Ella 2 Bios, Thinkpad 11e Beema and 145 more | 2025-04-12 | 4.7 MEDIUM | 4.4 MEDIUM |
| A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability. | |||||
| CVE-2015-7490 | 1 Ibm | 1 Infosphere Information Server | 2025-04-12 | 3.5 LOW | 3.1 LOW |
| IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie. | |||||
| CVE-2015-4034 | 1 Samsung | 1 Galaxy S5 | 2025-04-12 | 7.9 HIGH | N/A |
| The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object. | |||||
| CVE-2015-5512 | 1 Me Aliases Project | 1 Me Aliases | 2025-04-12 | 5.0 MEDIUM | N/A |
| The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the "me" user argument handler by substituting "me" for a user id in a URL. | |||||
| CVE-2014-6626 | 1 Arubanetworks | 1 Clearpass | 2025-04-12 | 10.0 HIGH | N/A |
| Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors. | |||||
| CVE-2016-4760 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. | |||||
| CVE-2016-3319 | 1 Microsoft | 4 Edge, Windows 10, Windows 8.1 and 1 more | 2025-04-12 | 9.3 HIGH | 7.0 HIGH |
| The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability." | |||||
| CVE-2016-2278 | 1 Schneider-electric | 4 Struxureware Building Operations Automation Server As, Struxureware Building Operations Automation Server As-p, Struxureware Building Operations Automation Server As-p Firmware and 1 more | 2025-04-12 | 9.0 HIGH | 7.2 HIGH |
| Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism. | |||||
| CVE-2016-2929 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 4.3 MEDIUM | 8.1 HIGH |
| IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2016-8285 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Candidate Gateway | 2025-04-12 | 4.9 MEDIUM | 4.8 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway. | |||||