ReportizFlow
Filtered by vendor
Subscriptions
Total
5100 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7248 | 1 Microsoft | 5 Windows 10, Windows 7, Windows 8.1 and 2 more | 2025-04-12 | N/A |
| Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Video Control Remote Code Execution Vulnerability." | ||||
| CVE-2015-2559 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
| Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. | ||||
| CVE-2015-3675 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL. | ||||
| CVE-2015-2534 | 1 Microsoft | 3 Windows 10, Windows 8.1, Windows Server 2012 | 2025-04-12 | N/A |
| Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted application, aka "Hyper-V Security Feature Bypass Vulnerability." | ||||
| CVE-2016-7952 | 2 Fedoraproject, X.org | 2 Fedora, Libxtst | 2025-04-12 | N/A |
| X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. | ||||
| CVE-2016-10084 | 1 Piwigo | 1 Piwigo | 2025-04-12 | N/A |
| admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter). | ||||
| CVE-2015-5838 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app. | ||||
| CVE-2016-7967 | 1 Kde | 1 Kmail | 2025-04-12 | N/A |
| KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled. | ||||
| CVE-2016-3105 | 2 Debian, Mercurial | 2 Debian Linux, Mercurial | 2025-04-12 | N/A |
| The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. | ||||
| CVE-2015-5913 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. | ||||
| CVE-2016-3060 | 1 Ibm | 1 Financial Transaction Manager | 2025-04-12 | N/A |
| Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | ||||
| CVE-2016-2989 | 1 Ibm | 1 Connections Portlets | 2025-04-12 | N/A |
| Open redirect vulnerability in the Connections Portlets component 5.x before 5.0.2 for IBM WebSphere Portal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2015-2509 | 1 Microsoft | 4 Windows 7, Windows 8, Windows 8.1 and 1 more | 2025-04-12 | N/A |
| Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) file, aka "Windows Media Center RCE Vulnerability." | ||||
| CVE-2016-2929 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | N/A |
| IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach. | ||||
| CVE-2015-5960 | 1 Mozilla | 1 Firefox Os | 2025-04-12 | N/A |
| Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation. | ||||
| CVE-2016-8222 | 1 Lenovo | 148 Thinkpad 10 Ella 2, Thinkpad 10 Ella 2 Bios, Thinkpad 11e Beema and 145 more | 2025-04-12 | N/A |
| A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability. | ||||
| CVE-2016-2887 | 2 Ibm, Microsoft | 2 Ims Enterprise Suite, .net Framework | 2025-04-12 | N/A |
| IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | ||||
| CVE-2016-8281 | 1 Oracle | 1 Platform Security For Java | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-5536. | ||||
| CVE-2016-8285 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Candidate Gateway | 2025-04-12 | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway. | ||||
| CVE-2016-8288 | 2 Oracle, Redhat | 2 Mysql, Rhel Software Collections | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. | ||||