Total
1302 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-0391 | 1 Ibm | 2 Bluemix, Watson Developer Cloud | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | |||||
CVE-2016-6826 | 1 Huawei | 1 Anyoffice Secureapp | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. | |||||
CVE-2015-3854 | 1 Google | 1 Android | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350. | |||||
CVE-2016-6690 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
The sound driver in the kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Nexus Player devices allows attackers to cause a denial of service (reboot) via a crafted application, aka internal bug 28838221. | |||||
CVE-2016-2009 | 1 Hp | 1 Network Node Manager I | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | |||||
CVE-2015-4299 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2023-12-10 | 5.5 MEDIUM | N/A |
Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vectors, aka Bug ID CSCuo89046. | |||||
CVE-2015-8523 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. | |||||
CVE-2016-1672 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Leap and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors. | |||||
CVE-2016-1668 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
CVE-2015-3757 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | N/A |
Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane. | |||||
CVE-2015-6848 | 1 Emc | 1 Isilon Onefs | 2023-12-10 | 8.5 HIGH | N/A |
EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors. | |||||
CVE-2015-4050 | 1 Sensiolabs | 1 Symfony | 2023-12-10 | 4.3 MEDIUM | N/A |
FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment. | |||||
CVE-2016-5589 | 1 Oracle | 1 Customer Relationship Management Technical Foundation | 2023-12-10 | 6.4 MEDIUM | 8.2 HIGH |
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
CVE-2016-3060 | 1 Ibm | 1 Financial Transaction Manager | 2023-12-10 | 3.5 LOW | 5.7 MEDIUM |
Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | |||||
CVE-2016-3878 | 1 Google | 1 Android | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002. | |||||
CVE-2016-3923 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115. | |||||
CVE-2016-5954 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a denial of service by uploading temporary files. | |||||
CVE-2016-6140 | 1 Sap | 1 Trex | 2023-12-10 | 7.6 HIGH | 9.8 CRITICAL |
SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591. | |||||
CVE-2016-0340 | 1 Ibm | 1 Security Identity Manager Adapter | 2023-12-10 | 4.4 MEDIUM | 7.4 HIGH |
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | |||||
CVE-2016-5588 | 1 Oracle | 1 Outside In Technology | 2023-12-10 | 7.5 HIGH | 8.6 HIGH |
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, and CVE-2016-5579. |