Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0522 | 1 Oracle | 1 Retail Open Commerce Platform Cloud Service | 2016-06-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Retail Open Commerce Platform Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Framework. | |||||
| CVE-2016-0508 | 1 Oracle | 1 Ilearning | 2016-06-08 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Administration. | |||||
| CVE-2016-0587 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-06-08 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors related to File Processing. | |||||
| CVE-2016-0500 | 1 Oracle | 1 Retail Order Broker Cloud Service | 2016-06-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Oracle Retail Order Broker Cloud Service component in Oracle Retail Applications 4.0 and 4.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Administration. | |||||
| CVE-2016-0501 | 1 Oracle | 1 Secure Global Desktop | 2016-06-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect availability via vectors related to SGD Core. | |||||
| CVE-2016-0460 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-06-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.55 allows remote attackers to affect integrity via unknown vectors related to Fluid Homepage and NavBar. | |||||
| CVE-2016-0473 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-06-08 | 3.5 LOW | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect integrity via unknown vectors related to Fluid Core. | |||||
| CVE-2016-0474 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-06-08 | 3.5 LOW | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology. | |||||
| CVE-2016-0463 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-06-08 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality via unknown vectors related to Portal. | |||||
| CVE-2016-0471 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-06-08 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via unknown vectors related to Multichannel Framework. | |||||
| CVE-2016-0453 | 1 Oracle | 1 Fusion Middleware | 2016-06-08 | 1.8 LOW | N/A |
| Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote attackers to affect integrity via unknown vectors related to Embedded Server. | |||||
| CVE-2016-0441 | 1 Oracle | 1 Fusion Middleware | 2016-06-08 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Embedded Server. | |||||
| CVE-2016-0438 | 1 Oracle | 1 Retail Applications | 2016-06-08 | 1.9 LOW | N/A |
| Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0437. | |||||
| CVE-2014-9747 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2016-06-08 | 5.0 MEDIUM | 7.5 HIGH |
| The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. | |||||
| CVE-2016-4502 | 1 Envirosys | 1 Esc 8832 Data Controller | 2016-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. | |||||
| CVE-2016-4501 | 1 Envirosys | 1 Esc 8832 Data Controller | 2016-06-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors. | |||||
| CVE-2016-4505 | 1 Resourcedm | 1 Intuitive 650 Tdb Controller | 2016-06-07 | 9.0 HIGH | 8.8 HIGH |
| Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors. | |||||
| CVE-2016-4506 | 1 Resourcedm | 1 Intuitive 650 Tdb Controller | 2016-06-07 | 6.0 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users. | |||||
| CVE-2016-1403 | 1 Cisco | 1 Ip Phone 8800 Series Firmware | 2016-06-07 | 7.2 HIGH | 7.8 HIGH |
| CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. | |||||
| CVE-2016-1211 | 1 Epoch | 1 Web Mailing List | 2016-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-3944 | 1 Lenovo | 1 Accelerator Application | 2016-06-07 | 9.3 HIGH | 7.5 HIGH |
| UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com. | |||||
| CVE-2016-1212 | 1 Futomi | 1 Mp Form Mail Cgi | 2016-06-06 | 4.0 MEDIUM | 2.7 LOW |
| Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. | |||||
| CVE-2016-4812 | 1 Markdown On Saved Improved Project | 1 Markdown On Saved Improved | 2016-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Markdown on Save Improved plugin before 2.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1230 | 1 Ntt | 1 Webarena Service Formmail | 2016-06-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4347 | 2016-06-06 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7558. Reason: This candidate is a reservation duplicate of CVE-2015-7558. Notes: All CVE users should reference CVE-2015-7558 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-1902 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2016-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2016-4423 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2016-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames. | |||||
| CVE-2016-0879 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2016-06-02 | 7.8 HIGH | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL. | |||||
| CVE-2014-2299 | 1 Wireshark | 1 Wireshark | 2016-06-02 | 9.3 HIGH | N/A |
| Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data. | |||||
| CVE-2014-2469 | 1 Oracle | 1 Sunos | 2016-06-02 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2014-1471 | 1 Otrs | 1 Otrs | 2016-06-02 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL. | |||||
| CVE-2014-9023 | 1 Twilio Project | 1 Twilio | 2016-06-02 | 5.5 MEDIUM | N/A |
| The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission. | |||||
| CVE-2016-4500 | 1 Moxa | 2 Uc-7408 Lx-plus, Uc-7408 Lx-plus Firmware | 2016-06-01 | 4.9 MEDIUM | 5.8 MEDIUM |
| Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access. | |||||
| CVE-2014-2656 | 2016-06-01 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that the vulnerability report was not valid. Notes: none. | |||||
| CVE-2016-4521 | 1 Sixnet | 4 Bt-5 Series Cellular Router, Bt-5 Series Cellular Router Firmware, Bt-6 Series Cellular Router and 1 more | 2016-06-01 | 10.0 HIGH | 9.8 CRITICAL |
| Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2015-7876 | 1 Drupal 7 Driver For Sql Server And Sql Azure Project | 1 Drupal 7 Driver For Sql Server And Sql Azure | 2016-06-01 | 7.5 HIGH | N/A |
| The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function. | |||||
| CVE-2015-8672 | 1 Huawei | 5 Te30, Te40, Te50 and 2 more | 2016-06-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| The presentation transmission permission management mechanism in Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 allows remote attackers to cause a denial of service (wired presentation outage) via unspecified vectors involving a wireless presentation. | |||||
| CVE-2016-0876 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2016-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file. | |||||
| CVE-2016-0877 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2016-05-31 | 7.8 HIGH | 7.5 HIGH |
| Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function. | |||||
| CVE-2016-0875 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2016-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL. | |||||
| CVE-2016-1413 | 1 Cisco | 1 Firepower Management Center | 2016-05-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | |||||
| CVE-2016-0878 | 1 Moxa | 2 Edr-g903, Edr G903 Firmware | 2016-05-31 | 7.8 HIGH | 7.5 HIGH |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests. | |||||
| CVE-2016-2354 | 1 Lemurmonitors | 1 Bluedriver | 2016-05-31 | 8.0 HIGH | 8.8 HIGH |
| The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by leveraging access to a device inside or adjacent to the vehicle, as demonstrated by a CAN command to disrupt braking or steering. | |||||
| CVE-2009-1046 | 1 Linux | 1 Linux Kernel | 2016-05-31 | 4.7 MEDIUM | N/A |
| The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2016-2331 | 1 Systech | 2 Syslink Sl-1000 Modular Gateway, Syslink Sl-1000 Modular Gateway Firmware | 2016-05-31 | 10.0 HIGH | 9.8 CRITICAL |
| The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||||
| CVE-2011-3129 | 1 Wordpress | 1 Wordpress | 2016-05-31 | 9.3 HIGH | N/A |
| The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames. | |||||
| CVE-2014-1750 | 1 Nokia Maps \& Places Project | 1 Nokia Maps \& Places | 2016-05-27 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as a cross-site scripting (XSS) vulnerability, but this may be inaccurate. | |||||
| CVE-2016-3681 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2016-05-27 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03021. | |||||
| CVE-2005-3065 | 1 Multitheftauto | 1 Multitheftauto | 2016-05-27 | 5.0 MEDIUM | N/A |
| MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted command 40 that causes a -1 length to be used and triggers an out-of-bounds read. | |||||
| CVE-2016-3680 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2016-05-27 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted application, aka HWPSIRT-2016-03020. | |||||