Total
409 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3710 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-28 | 4.3 MEDIUM | N/A |
Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. | |||||
CVE-2015-5178 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2024-02-28 | 4.3 MEDIUM | N/A |
The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element. | |||||
CVE-2016-5511 | 1 Oracle | 1 Webcenter Sites | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors. | |||||
CVE-2016-1664 | 3 Google, Opensuse, Redhat | 6 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 3 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site. | |||||
CVE-2014-9196 | 1 Eaton | 1 Proview | 2024-02-28 | 9.3 HIGH | N/A |
Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | |||||
CVE-2016-0896 | 1 Pivotal Software | 1 Cloud Foundry Elastic Runtime | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address. | |||||
CVE-2016-4500 | 1 Moxa | 2 Uc-7408 Lx-plus, Uc-7408 Lx-plus Firmware | 2024-02-28 | 4.9 MEDIUM | 5.8 MEDIUM |
Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access. | |||||
CVE-2015-5306 | 1 Openstack | 1 Ironic Inspector | 2024-02-28 | 6.8 MEDIUM | N/A |
OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error. | |||||
CVE-2015-0943 | 1 Basware | 1 Banking | 2024-02-28 | 5.8 MEDIUM | N/A |
Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream. | |||||
CVE-2016-3163 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method. | |||||
CVE-2016-5525 | 1 Oracle | 1 Solaris Cluster | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files. | |||||
CVE-2016-4748 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.6 MEDIUM | 5.3 MEDIUM |
Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | |||||
CVE-2016-7031 | 2 Ceph Project, Redhat | 2 Ceph, Ceph Storage | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. | |||||
CVE-2016-5145 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | |||||
CVE-2015-1793 | 2 Openssl, Oracle | 4 Openssl, Jd Edwards Enterpriseone Tools, Opus 10g Ethernet Switch Family and 1 more | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. | |||||
CVE-2015-5904 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | N/A |
Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. | |||||
CVE-2015-5833 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.2 HIGH | N/A |
The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation. | |||||
CVE-2016-3677 | 1 Huawei | 2 Hilink App, Wear App | 2024-02-28 | 6.8 MEDIUM | 6.5 MEDIUM |
The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | |||||
CVE-2016-5128 | 1 Google | 2 Chrome, V8 | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
CVE-2016-2114 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream. |