Total
3171 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8330 | 1 Oracle | 1 Solaris | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.7 (Integrity impacts). | |||||
CVE-2016-0202 | 1 Ibm | 1 Cloud Orchestrator | 2023-12-10 | 2.1 LOW | 3.3 LOW |
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain. | |||||
CVE-2017-8933 | 1 Libmenu-cache Project | 1 Libmenu-cache | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability). | |||||
CVE-2017-3235 | 1 Oracle | 1 Flexcube Universal Banking | 2023-12-10 | 3.6 LOW | 3.5 LOW |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 3.5 (Confidentiality and Integrity impacts). | |||||
CVE-2016-1551 | 2 Ntp, Ntpsec | 2 Ntp, Ntpsec | 2023-12-10 | 2.6 LOW | 3.7 LOW |
ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker. | |||||
CVE-2017-2351 | 1 Apple | 1 Iphone Os | 2023-12-10 | 2.1 LOW | 2.4 LOW |
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WiFi" component, which allows physically proximate attackers to bypass the activation-lock protection mechanism and view the home screen via unspecified vectors. | |||||
CVE-2017-3032 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser. | |||||
CVE-2016-9932 | 1 Xen | 1 Xen | 2023-12-10 | 2.1 LOW | 3.3 LOW |
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix. | |||||
CVE-2017-3020 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the weblink module. | |||||
CVE-2016-7227 | 1 Microsoft | 2 Edge, Internet Explorer | 2023-12-10 | 2.6 LOW | 3.1 LOW |
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." | |||||
CVE-2017-3322 | 1 Oracle | 1 Mysql Cluster | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts). | |||||
CVE-2016-9085 | 2 Fedoraproject, Webmproject | 2 Fedora, Libwebp | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. | |||||
CVE-2016-0394 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. | |||||
CVE-2017-2384 | 1 Apple | 1 Iphone Os | 2023-12-10 | 2.1 LOW | 3.3 LOW |
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode. | |||||
CVE-2016-0378 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when the installation lacks a default error page, allows remote attackers to obtain sensitive information by triggering an exception. | |||||
CVE-2017-2109 | 1 Cybozu | 1 Kunai | 2023-12-10 | 2.6 LOW | 2.5 LOW |
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application. | |||||
CVE-2016-2567 | 1 Samsung | 4 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S6 and 1 more | 2023-12-10 | 2.1 LOW | 3.3 LOW |
secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL. | |||||
CVE-2017-3033 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data. | |||||
CVE-2016-8314 | 1 Oracle | 1 Flexcube Core Banking | 2023-12-10 | 3.5 LOW | 3.1 LOW |
Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts). | |||||
CVE-2016-7664 | 1 Apple | 1 Iphone Os | 2023-12-10 | 2.1 LOW | 2.4 LOW |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component. which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging the availability of excessive options during lockscreen access. |