Total
1318 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-1000010 | 1 Simple-image-manipulator Project | 1 Simple-image-manipulator | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Remote file download in simple-image-manipulator v1.0 wordpress plugin | |||||
CVE-2016-5569 | 1 Oracle | 1 Flexcube Enterprise Limits And Collateral Management | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
CVE-2015-1173 | 1 Unit4 | 1 Teta Web | 2023-12-10 | 7.5 HIGH | N/A |
Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters." | |||||
CVE-2016-0760 | 1 Apache | 1 Sentry | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions. | |||||
CVE-2016-5578 | 1 Oracle | 1 Outside In Technology | 2023-12-10 | 7.5 HIGH | 8.6 HIGH |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5579, and CVE-2016-5588. | |||||
CVE-2016-7107 | 1 Huawei | 1 Uma | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors. | |||||
CVE-2016-5536 | 1 Oracle | 1 Platform Security For Java | 2023-12-10 | 6.5 MEDIUM | 7.6 HIGH |
Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-8281. | |||||
CVE-2015-3073 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, and CVE-2015-3074. | |||||
CVE-2016-1797 | 1 Apple | 1 Mac Os X | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2015-3061 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. | |||||
CVE-2012-6689 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. | |||||
CVE-2016-1842 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | |||||
CVE-2015-3691 | 1 Apple | 1 Mac Os X | 2023-12-10 | 9.3 HIGH | N/A |
The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer. | |||||
CVE-2015-7395 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo For Government and 8 more | 2023-12-10 | 4.0 MEDIUM | N/A |
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors. | |||||
CVE-2016-5386 | 4 Fedoraproject, Golang, Oracle and 1 more | 6 Fedora, Go, Linux and 3 more | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | |||||
CVE-2016-5527 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5524. | |||||
CVE-2016-1608 | 1 Novell | 1 Filr | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter. | |||||
CVE-2016-3165 | 1 Drupal | 1 Drupal | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-side form definition. | |||||
CVE-2016-3274 | 1 Microsoft | 2 Edge, Internet Explorer | 2023-12-10 | 2.6 LOW | 3.1 LOW |
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | |||||
CVE-2016-5176 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. |