Total: 350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2100 | 1 Theforeman | 1 Foreman | 2018-01-05 | 6.5 MEDIUM | 5.4 MEDIUM |
| Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission. | |||||
| CVE-2016-5217 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2015-8845 | 3 Linux, Novell, Suse | 8 Linux Kernel, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 5 more | 2018-01-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. | |||||
| CVE-2016-5192 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. | |||||
| CVE-2016-3107 | 1 Pulpproject | 1 Pulp | 2018-01-05 | 2.1 LOW | 5.5 MEDIUM |
| The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data. | |||||
| CVE-2016-3044 | 1 Ibm | 1 Powerkvm | 2018-01-05 | 4.9 MEDIUM | 6.5 MEDIUM |
| The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors. | |||||
| CVE-2016-5176 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. | |||||
| CVE-2016-6338 | 1 Redhat | 1 Enterprise Virtualization | 2017-12-13 | 4.6 MEDIUM | 6.8 MEDIUM |
| ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restriction via vectors related to UI selections, which trigger repeating queries. | |||||
| CVE-2016-5341 | 1 Google | 1 Android | 2017-12-06 | 7.1 HIGH | 5.9 MEDIUM |
| The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554). | |||||
| CVE-2015-8140 | 1 Ntp | 1 Ntp | 2017-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. | |||||
| CVE-2015-8139 | 1 Ntp | 1 Ntp | 2017-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. | |||||
| CVE-2016-5943 | 1 Ibm | 1 Spectrum Control | 2017-11-13 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors. | |||||
| CVE-2016-10514 | 1 Piwigo | 1 Piwigo | 2017-11-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring. | |||||
| CVE-2012-4379 | 1 Mediawiki | 1 Mediawiki | 2017-10-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element. | |||||
| CVE-2015-7315 | 1 Plone | 1 Plone | 2017-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator. | |||||
| CVE-2015-0110 | 1 Ibm | 2 Business Process Manager, Websphere Application Server | 2017-09-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. | |||||
| CVE-2015-5293 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-09-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. | |||||
| CVE-2014-8677 | 1 Soplanning | 1 Soplanning | 2017-09-06 | 3.5 LOW | 5.3 MEDIUM |
| The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable, to execute arbitrary PHP code via a crafted database name. | |||||
| CVE-2016-9111 | 1 Citrix | 1 Receiver Desktop | 2017-09-06 | 4.6 MEDIUM | 6.8 MEDIUM |
| Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us." | |||||
| CVE-2014-8168 | 1 Redhat | 1 Satellite | 2017-09-04 | 4.6 MEDIUM | 6.1 MEDIUM |
| Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. | |||||
| CVE-2016-0357 | 1 Ibm | 1 Security Identity Manager Adapter | 2017-09-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2016-0339 | 1 Ibm | 1 Security Identity Manager Adapter | 2017-09-01 | 4.3 MEDIUM | 5.6 MEDIUM |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records." | |||||
| CVE-2016-5130 | 1 Google | 1 Chrome | 2017-09-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. | |||||
| CVE-2016-2989 | 1 Ibm | 1 Connections Portlets | 2017-09-01 | 5.8 MEDIUM | 6.5 MEDIUM |
| Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2015-2687 | 1 Openstack | 1 Compute | 2017-08-24 | 1.9 LOW | 4.7 MEDIUM |
| OpenStack Compute (nova) Icehouse, Juno and Havana, when live migration fails, allows local users to access VM volumes that they would normally not have permissions for. | |||||
| CVE-2016-1474 | 1 Cisco | 1 Prime Infrastructure | 2017-08-16 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434. | |||||
| CVE-2016-3880 | 1 Google | 1 Android | 2017-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 25747670. | |||||
| CVE-2016-3883 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| internal/telephony/SMSDispatcher.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not properly construct warnings about premium SMS messages, which allows attackers to spoof the premium-payment confirmation dialog via a crafted application, aka internal bug 28557603. | |||||
| CVE-2016-3898 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service (loss of locked-screen 911 TTY functionality) via a crafted application that modifies the TTY mode by broadcasting an intent, aka internal bug 29832693. | |||||
| CVE-2016-3899 | 1 Google | 1 Android | 2017-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not validate a certain pointer, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29421811. | |||||
| CVE-2016-4305 | 1 Kaspersky | 1 Internet Security | 2017-08-13 | 2.1 LOW | 5.5 MEDIUM |
| A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call can cause an access violation in the KLIF kernel driver, resulting in local denial of service. An attacker can run a program from user-mode to trigger this vulnerability. | |||||
| CVE-2016-4304 | 1 Kaspersky | 1 Internet Security | 2017-08-13 | 2.1 LOW | 5.5 MEDIUM |
| A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call request can cause an access violation exception in the KLIF kernel driver, resulting in local denial of service. An attacker can run a program from user-mode to trigger this vulnerability. | |||||
| CVE-2016-4307 | 1 Kaspersky | 1 Internet Security | 2017-08-13 | 2.1 LOW | 5.5 MEDIUM |
| A denial of service vulnerability exists in the IOCTL handling functionality of the Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in the KL1 kernel driver, resulting in local system denial of service. An attacker can run a program from user-mode to trigger this vulnerability. | |||||
| CVE-2016-3884 | 1 Google | 1 Android | 2017-08-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| server/notification/NotificationManagerService.java in the Notification Manager Service in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 lacks uid checks, which allows attackers to bypass intended restrictions on method calls via a crafted application, aka internal bug 29421441. | |||||
| CVE-2016-3878 | 1 Google | 1 Android | 2017-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002. | |||||
| CVE-2016-3879 | 1 Google | 1 Android | 2017-08-13 | 7.1 HIGH | 5.5 MEDIUM |
| arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows remote attackers to cause a denial of service (NULL pointer dereference, and device hang or reboot) via a crafted media file, aka internal bug 29770686. | |||||
| CVE-2016-4760 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2017-07-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. | |||||
| CVE-2016-5566 | 1 Oracle | 1 Solaris | 2017-07-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiality via unknown vectors. | |||||
| CVE-2016-5569 | 1 Oracle | 1 Flexcube Enterprise Limits And Collateral Management | 2017-07-29 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-5570 | 1 Oracle | 1 Applications Dba | 2017-07-29 | 5.5 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities. | |||||
| CVE-2016-5571 | 1 Oracle | 1 Applications Dba | 2017-07-29 | 5.5 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 and 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities, a different vulnerability than CVE-2016-5567. | |||||
| CVE-2016-5575 | 1 Oracle | 1 Common Applications | 2017-07-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Resources Module. | |||||
| CVE-2016-5576 | 1 Oracle | 1 Solaris | 2017-07-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones. | |||||
| CVE-2016-5581 | 1 Oracle | 1 Irecruitment | 2017-07-29 | 4.6 MEDIUM | 6.6 MEDIUM |
| Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2016-5585 | 1 Oracle | 1 Interaction Center Intelligence | 2017-07-29 | 6.4 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Interaction Center Intelligence component in Oracle E-Business Suite 12.1.1 through 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-5594 | 1 Oracle | 1 Flexcube Universal Banking | 2017-07-29 | 4.0 MEDIUM | 5.0 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to INFRA. | |||||
| CVE-2016-5622 | 1 Oracle | 1 Flexcube Universal Banking | 2017-07-29 | 7.8 HIGH | 6.1 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to INFRA. | |||||
| CVE-2016-5600 | 1 Oracle | 1 Peoplesoft Enterprise Supply Chain Management Services Procurement | 2017-07-29 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-8285 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Candidate Gateway | 2017-07-29 | 4.9 MEDIUM | 4.8 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway. | |||||
| CVE-2016-5604 | 1 Oracle | 1 Enterprise Manager Base Platform | 2017-07-29 | 3.3 LOW | 6.3 MEDIUM |
| Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-3563. | |||||
