Total
1318 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4963 | 1 Xen | 1 Xen | 2023-12-10 | 1.9 LOW | 4.7 MEDIUM |
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore. | |||||
CVE-2015-1936 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 6.0 MEDIUM | N/A |
The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack sessions via the JSESSIONID parameter. | |||||
CVE-2016-4215 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | |||||
CVE-2016-1117 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2016-1038, CVE-2016-1039, CVE-2016-1040, CVE-2016-1041, CVE-2016-1042, CVE-2016-1044, and CVE-2016-1062. | |||||
CVE-2016-6802 | 1 Apache | 1 Shiro | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path. | |||||
CVE-2015-3065 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, and CVE-2015-3074. | |||||
CVE-2016-5661 | 1 Accela | 1 Civic Platform Citizen Access Portal | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters. | |||||
CVE-2015-4302 | 1 Cisco | 1 Firesight System Software | 2023-12-10 | 6.4 MEDIUM | N/A |
The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390. | |||||
CVE-2016-5532 | 1 Oracle | 1 Shipping Execution | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Unspecified vulnerability in the Oracle Shipping Execution component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Workflow Events. | |||||
CVE-2016-6179 | 1 Huawei | 2 Honor 6, Honor 6 Firmware | 2023-12-10 | 6.9 MEDIUM | 7.0 HIGH |
The WiFi driver in Huawei Honor 6 smartphones with software H60-L01 before H60-L01C00B850, H60-L11 before H60-L11C00B850, H60-L21 before H60-L21C00B850, H60-L02 before H60-L02C00B850, H60-L12 before H60-L12C00B850, and H60-L03 before H60-L03C01B850 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application. | |||||
CVE-2016-5533 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.4, 15.x, and 16.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
CVE-2016-4502 | 1 Envirosys | 1 Esc 8832 Data Controller | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. | |||||
CVE-2016-0153 | 1 Microsoft | 6 Windows 7, Windows 8.1, Windows Rt 8.1 and 3 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability." | |||||
CVE-2016-2014 | 1 Hp | 1 Network Node Manager I | 2023-12-10 | 8.5 HIGH | 8.1 HIGH |
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | |||||
CVE-2016-0226 | 2 Ibm, Microsoft | 2 Informix Dynamic Server, Windows | 2023-12-10 | 6.9 MEDIUM | 7.8 HIGH |
The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file. | |||||
CVE-2014-8912 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 5.0 MEDIUM | N/A |
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information. | |||||
CVE-2016-5576 | 1 Oracle | 1 Solaris | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones. | |||||
CVE-2016-1190 | 1 Cybozu | 1 Garoon | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. | |||||
CVE-2015-4051 | 1 Beckhoff | 1 Ipc Diagnostics | 2023-12-10 | 9.0 HIGH | N/A |
Beckhoff IPC Diagnostics before 1.8 does not properly restrict access to functions in /config, which allows remote attackers to cause a denial of service (reboot or shutdown), create arbitrary users, or possibly have unspecified other impact via a crafted request, as demonstrated by a beckhoff.com:service:cxconfig:1#Write SOAP action to /upnpisapi. | |||||
CVE-2016-2150 | 5 Debian, Microsoft, Opensuse and 2 more | 12 Debian Linux, Windows, Leap and 9 more | 2023-12-10 | 3.6 LOW | 7.1 HIGH |
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. |