Total
2919 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5943 | 1 Ibm | 1 Spectrum Control | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors. | |||||
| CVE-2016-5585 | 1 Oracle | 1 Interaction Center Intelligence | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Interaction Center Intelligence component in Oracle E-Business Suite 12.1.1 through 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-8292 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Talent Acquisition Manager | 2025-04-12 | 5.8 MEDIUM | 4.2 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Talent Acquisition Manager. | |||||
| CVE-2016-5482 | 1 Oracle | 1 Commerce Guided Search | 2025-04-12 | 5.8 MEDIUM | 8.2 HIGH |
| Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-1866 | 2 Opensuse, Saltstack | 2 Leap, Salt | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream. | |||||
| CVE-2014-6625 | 1 Arubanetworks | 1 Clearpass | 2025-04-12 | 9.0 HIGH | N/A |
| The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2016-8222 | 1 Lenovo | 148 Thinkpad 10 Ella 2, Thinkpad 10 Ella 2 Bios, Thinkpad 11e Beema and 145 more | 2025-04-12 | 4.7 MEDIUM | 4.4 MEDIUM |
| A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability. | |||||
| CVE-2015-7490 | 1 Ibm | 1 Infosphere Information Server | 2025-04-12 | 3.5 LOW | 3.1 LOW |
| IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a modified cookie. | |||||
| CVE-2015-4034 | 1 Samsung | 1 Galaxy S5 | 2025-04-12 | 7.9 HIGH | N/A |
| The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object. | |||||
| CVE-2015-5512 | 1 Me Aliases Project | 1 Me Aliases | 2025-04-12 | 5.0 MEDIUM | N/A |
| The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the "me" user argument handler by substituting "me" for a user id in a URL. | |||||
| CVE-2014-6626 | 1 Arubanetworks | 1 Clearpass | 2025-04-12 | 10.0 HIGH | N/A |
| Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors. | |||||
| CVE-2016-4760 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. | |||||
| CVE-2016-3319 | 1 Microsoft | 4 Edge, Windows 10, Windows 8.1 and 1 more | 2025-04-12 | 9.3 HIGH | 7.0 HIGH |
| The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability." | |||||
| CVE-2016-2278 | 1 Schneider-electric | 4 Struxureware Building Operations Automation Server As, Struxureware Building Operations Automation Server As-p, Struxureware Building Operations Automation Server As-p Firmware and 1 more | 2025-04-12 | 9.0 HIGH | 7.2 HIGH |
| Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism. | |||||
| CVE-2016-2929 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 4.3 MEDIUM | 8.1 HIGH |
| IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2016-8285 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Candidate Gateway | 2025-04-12 | 4.9 MEDIUM | 4.8 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway. | |||||
| CVE-2015-3213 | 1 Clutter Project | 1 Clutter | 2025-04-12 | 7.2 HIGH | N/A |
| The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures. | |||||
| CVE-2016-5620 | 1 Oracle | 1 Flexcube Universal Banking | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA, a different vulnerability than CVE-2016-5619. | |||||
| CVE-2015-2816 | 1 Sap | 1 Afaria | 2025-04-12 | 7.5 HIGH | N/A |
| The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. | |||||
| CVE-2016-5578 | 1 Oracle | 1 Outside In Technology | 2025-04-12 | 7.5 HIGH | 8.6 HIGH |
| Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5579, and CVE-2016-5588. | |||||