Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6626 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | ||||
| CVE-2015-4508 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site. | ||||
| CVE-2013-5229 | 1 Apple | 2 Apple Remote Desktop, Mac Os X | 2025-04-12 | N/A |
| The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box. | ||||
| CVE-2016-0128 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 6.8 Medium |
| The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK." | ||||
| CVE-2015-4498 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process. | ||||
| CVE-2016-6493 | 1 Citrix | 2 Xenapp, Xendesktop | 2025-04-12 | N/A |
| Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. | ||||
| CVE-2016-9160 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2025-04-12 | N/A |
| A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions. | ||||
| CVE-2014-2224 | 1 Plogger | 1 Plogger | 2025-04-12 | N/A |
| Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a series of form submissions. | ||||
| CVE-2016-5788 | 1 Ge | 4 Bently Nevada 3500\/22m Serial, Bently Nevada 3500\/22m Serial Firmware, Bently Nevada 3500\/22m Usb and 1 more | 2025-04-12 | N/A |
| General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. | ||||
| CVE-2016-6628 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | ||||
| CVE-2015-4112 | 1 Blackberry | 1 Enterprise Server | 2025-04-12 | N/A |
| The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue. | ||||
| CVE-2016-5702 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. | ||||
| CVE-2016-8600 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later. | ||||
| CVE-2016-5540 | 1 Oracle | 1 Micros Xstore Payment | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality and integrity via unknown vectors. | ||||
| CVE-2015-3755 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. | ||||
| CVE-2016-1958 | 4 Mozilla, Opensuse, Oracle and 1 more | 4 Firefox, Opensuse, Linux and 1 more | 2025-04-12 | N/A |
| browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. | ||||
| CVE-2016-6340 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2025-04-12 | N/A |
| The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack. | ||||
| CVE-2015-1268 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL. | ||||
| CVE-2015-1278 | 4 Debian, Google, Opensuse and 1 more | 8 Debian Linux, Chrome, Opensuse and 5 more | 2025-04-12 | N/A |
| content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document. | ||||
| CVE-2016-5511 | 1 Oracle | 1 Webcenter Sites | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors. | ||||