Total
2924 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7881 | 1 Colorbox Project | 1 Colorbox | 2025-04-12 | 3.5 LOW | N/A |
| The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment. | |||||
| CVE-2016-1200 | 1 Lockon | 1 Ec-cube | 2025-04-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199. | |||||
| CVE-2016-2275 | 1 Advantech | 4 Vesp211-232, Vesp211-232 Firmware, Vesp211-eu and 1 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code. | |||||
| CVE-2016-4215 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | |||||
| CVE-2015-2847 | 1 Honeywell | 1 Tuxedo Touch | 2025-04-12 | 5.0 MEDIUM | N/A |
| Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. | |||||
| CVE-2016-7967 | 1 Kde | 1 Kmail | 2025-04-12 | 5.8 MEDIUM | 8.1 HIGH |
| KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled. | |||||
| CVE-2015-1000009 | 1 Google-adsense-and-hotel-booking Project | 1 Google-adsense-and-hotel-booking | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 | |||||
| CVE-2015-4526 | 1 Emc | 1 Recoverpoint For Virtual Machines | 2025-04-12 | 7.2 HIGH | N/A |
| EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface. | |||||
| CVE-2016-5615 | 1 Oracle | 1 Solaris | 2025-04-12 | 2.1 LOW | 3.3 LOW |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx. | |||||
| CVE-2015-3671 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | N/A |
| Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors. | |||||
| CVE-2016-1190 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. | |||||
| CVE-2016-0339 | 1 Ibm | 1 Security Identity Manager Adapter | 2025-04-12 | 4.3 MEDIUM | 5.6 MEDIUM |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records." | |||||
| CVE-2016-0731 | 1 Apache | 1 Ambari | 2025-04-12 | 4.0 MEDIUM | 4.9 MEDIUM |
| The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration. | |||||
| CVE-2016-1805 | 1 Apple | 1 Mac Os X | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-9156 | 1 Siemens | 1 Sicam Pas | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP. | |||||
| CVE-2016-4081 | 1 Wireshark | 1 Wireshark | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | |||||
| CVE-2015-8361 | 1 Atlassian | 1 Bamboo | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port. | |||||
| CVE-2016-5571 | 1 Oracle | 1 Applications Dba | 2025-04-12 | 5.5 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 and 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities, a different vulnerability than CVE-2016-5567. | |||||
| CVE-2016-1667 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2015-5913 | 1 Apple | 1 Mac Os X | 2025-04-12 | 6.8 MEDIUM | N/A |
| Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. | |||||