Total
3244 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5466 | 1 Oracle | 1 Siebel Core-server Framework | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5460. | |||||
CVE-2016-1862 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. | |||||
CVE-2016-5490 | 1 Oracle | 1 Flexcube Universal Banking | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.4.0 allows local users to affect confidentiality via vectors related to INFRA. | |||||
CVE-2016-5444 | 4 Ibm, Mariadb, Oracle and 1 more | 11 Powerkvm, Mariadb, Linux and 8 more | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. | |||||
CVE-2016-1796 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds memory access) via a crafted app. | |||||
CVE-2016-4749 | 1 Apple | 1 Iphone Os | 2023-12-10 | 2.1 LOW | 3.3 LOW |
Printing UIKit in Apple iOS before 10 mishandles environment variables, which allows local users to discover cleartext AirPrint preview content by reading a temporary file. | |||||
CVE-2016-1000033 | 2 Gnome, Redhat | 2 Shotwell, Enterprise Linux | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. | |||||
CVE-2016-3531 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2023-12-10 | 3.5 LOW | 3.5 LOW |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to PC / Notification. | |||||
CVE-2016-0137 | 1 Microsoft | 1 Office | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass." | |||||
CVE-2016-5849 | 1 Siemens | 1 Sicam Pas\/pqs | 2023-12-10 | 1.9 LOW | 2.5 LOW |
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage. | |||||
CVE-2016-3274 | 1 Microsoft | 2 Edge, Internet Explorer | 2023-12-10 | 2.6 LOW | 3.1 LOW |
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | |||||
CVE-2016-0380 | 1 Ibm | 1 Sterling Connect\ | 2023-12-10 | 2.1 LOW | 3.3 LOW |
IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations. | |||||
CVE-2016-6224 | 2 Canonical, Ecryptfs | 2 Ubuntu Linux, Ecryptfs-utils | 2023-12-10 | 2.1 LOW | 3.3 LOW |
ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946. | |||||
CVE-2016-3344 | 1 Microsoft | 1 Windows 10 | 2023-12-10 | 2.1 LOW | 3.3 LOW |
The Secure Kernel Mode feature in Microsoft Windows 10 Gold and 1511 allows local users to obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosure Vulnerability." | |||||
CVE-2016-4516 | 1 Abb | 1 Pcm600 | 2023-12-10 | 2.1 LOW | 3.3 LOW |
ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2015-7435 | 1 Ibm | 1 Tivoli Common Reporting | 2023-12-10 | 1.9 LOW | 2.5 LOW |
IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field. | |||||
CVE-2016-4751 | 1 Apple | 1 Safari | 2023-12-10 | 4.3 MEDIUM | 3.5 LOW |
The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site. | |||||
CVE-2016-5702 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. | |||||
CVE-2015-7519 | 1 Phusionpassenger | 1 Phusion Passenger | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X_User header. | |||||
CVE-2016-4739 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
mDNSResponder in Apple OS X before 10.12, when VMnet.framework is used, arranges for a DNS proxy to listen on all interfaces, which allows remote attackers to obtain sensitive information by sending a DNS query to an unintended interface. |