Total
2988 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3713 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 5.6 MEDIUM | 7.1 HIGH |
| The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call. | |||||
| CVE-2016-6898 | 1 Huawei | 1 E9000 Chassis | 2025-04-12 | 4.9 MEDIUM | 6.6 MEDIUM |
| XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document. | |||||
| CVE-2016-5592 | 1 Oracle | 1 Customer Interaction History | 2025-04-12 | 6.4 MEDIUM | 8.2 HIGH |
| Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5595. | |||||
| CVE-2014-2174 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2025-04-12 | 8.3 HIGH | N/A |
| Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 do not properly implement access control, which allows remote attackers to obtain root privileges by sending packets on the local network and allows physically proximate attackers to obtain root privileges via unspecified vectors, aka Bug ID CSCub67651. | |||||
| CVE-2016-9836 | 1 Joomla | 1 Joomla\! | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types. | |||||
| CVE-2016-3898 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY functionality) via a crafted application that modifies the TTY mode by broadcasting an intent, aka internal bug 29832693. | |||||
| CVE-2016-5506 | 1 Oracle | 1 Identity Manager | 2025-04-12 | 3.3 LOW | 3.1 LOW |
| Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server. | |||||
| CVE-2016-0289 | 1 Ibm | 1 Maximo Asset Management | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restrictions via unspecified vectors. | |||||
| CVE-2016-4502 | 1 Envirosys | 1 Esc 8832 Data Controller | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. | |||||
| CVE-2016-0319 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 allows remote authenticated administrators to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-1000010 | 1 Simple-image-manipulator Project | 1 Simple-image-manipulator | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file download in simple-image-manipulator v1.0 wordpress plugin | |||||
| CVE-2016-0142 | 1 Microsoft | 5 Windows 10, Windows 7, Windows 8.1 and 2 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code Execution Vulnerability." | |||||
| CVE-2016-6317 | 1 Rubyonrails | 1 Rails | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155. | |||||
| CVE-2016-5341 | 1 Google | 1 Android | 2025-04-12 | 7.1 HIGH | 5.9 MEDIUM |
| The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554). | |||||
| CVE-2016-5192 | 1 Google | 1 Chrome | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. | |||||
| CVE-2015-4299 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2025-04-12 | 5.5 MEDIUM | N/A |
| Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046. | |||||
| CVE-2016-1371 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. | |||||
| CVE-2016-5954 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files. | |||||
| CVE-2015-0297 | 1 Redhat | 1 Jboss Operations Network | 2025-04-12 | 9.0 HIGH | N/A |
| Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager. | |||||
| CVE-2016-6802 | 1 Apache | 1 Shiro | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path. | |||||