Total
409 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8310 | 1 Oracle | 1 Flexcube Universal Banking | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
| Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). | |||||
| CVE-2016-7630 | 1 Apple | 1 Iphone Os | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors. | |||||
| CVE-2016-5117 | 1 Openntpd | 1 Openntpd | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate. | |||||
| CVE-2016-8508 | 1 Yandex | 1 Yandex Browser | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site. | |||||
| CVE-2016-9850 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-3180 | 1 Tor Browser Launcher Project | 1 Tor Browser Launcher | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature. | |||||
| CVE-2016-9865 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2016-4412 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 3.6 LOW | 4.4 MEDIUM |
| An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the user's valid phpMyAdmin token. All 4.0.x versions (prior to 4.0.10.16) are affected. | |||||
| CVE-2016-4890 | 1 Zohocorp | 1 Servicedesk Plus | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie. | |||||
| CVE-2016-0353 | 1 Ibm | 1 Security Privileged Identity Manager | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2010-1776 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.9 MEDIUM | 4.8 MEDIUM |
| Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device. | |||||
| CVE-2016-7222 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability." | |||||
| CVE-2016-6460 | 1 Cisco | 1 Firesight System Software | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0. | |||||
| CVE-2016-5949 | 1 Ibm | 1 Kenexa Lcms Premier | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. | |||||
| CVE-2016-7541 | 1 Fortinet | 1 Fortios | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected. | |||||
| CVE-2015-8990 | 1 Mcafee | 1 Advanced Threat Defense | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware. | |||||
| CVE-2016-7584 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using a matching team ID. | |||||
| CVE-2015-3230 | 1 Fedoraproject | 1 389 Directory Server | 2024-02-28 | 7.5 HIGH | N/A |
| 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher. | |||||
| CVE-2015-7193 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 7.5 HIGH | N/A |
| Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. | |||||
| CVE-2015-7812 | 1 Xen | 1 Xen | 2024-02-28 | 4.9 MEDIUM | N/A |
| The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface. | |||||