Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0322 | 1 Ibm | 1 Connections | 2016-06-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document. | |||||
| CVE-2016-0267 | 1 Ibm | 1 Urbancode Deploy | 2016-06-29 | 4.0 MEDIUM | 7.7 HIGH |
| IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request. | |||||
| CVE-2016-0298 | 1 Ibm | 1 Security Guardium | 2016-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL. | |||||
| CVE-2015-0376 | 1 Oracle | 1 Fusion Middleware | 2016-06-29 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Content Server. | |||||
| CVE-2014-4872 | 1 Bmc | 1 Bmc Track-it\! | 2016-06-29 | 7.5 HIGH | N/A |
| BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService. | |||||
| CVE-2014-4874 | 1 Bmc | 1 Bmc Track-it\! | 2016-06-28 | 4.0 MEDIUM | N/A |
| BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page. | |||||
| CVE-2015-0844 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2016-06-28 | 5.0 MEDIUM | N/A |
| The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. | |||||
| CVE-2016-5087 | 1 Alertus | 1 Alertus Desktop Notification For Os X | 2016-06-28 | 3.6 LOW | 4.4 MEDIUM |
| Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations. | |||||
| CVE-2016-4513 | 1 Schneider-electric | 2 Powerlogic Pm8ecc, Powerlogic Pm8ecc Firmware | 2016-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-0224 | 1 Ibm | 1 Marketing Platform | 2016-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-0229 | 1 Ibm | 1 Marketing Platform | 2016-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-4525 | 1 Advantech | 1 Webaccess | 2016-06-28 | 3.3 LOW | 6.6 MEDIUM |
| Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. | |||||
| CVE-2016-0233 | 1 Ibm | 1 Marketing Platform | 2016-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-4824 | 1 Corega | 4 Cg-wlr300gnv, Cg-wlr300gnv-w, Cg-wlr300gnv-w Firmware and 1 more | 2016-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack. | |||||
| CVE-2016-4823 | 1 Corega | 2 Cg-wlbaragm Firmware, Cg-wlbargmh | 2016-06-27 | 7.8 HIGH | 7.5 HIGH |
| Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors. | |||||
| CVE-2016-4822 | 1 Corega | 2 Cg-wlbargnl, Cg-wlbargnl Firmware | 2016-06-27 | 5.2 MEDIUM | 8.0 HIGH |
| Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2016-5435 | 1 Huawei | 10 Huawei Firmware, Ips Module, Ngfw Module and 7 more | 2016-06-27 | 7.1 HIGH | 5.9 MEDIUM |
| Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet. | |||||
| CVE-2015-2686 | 1 Linux | 1 Linux Kernel | 2016-06-27 | 7.2 HIGH | 7.8 HIGH |
| net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. | |||||
| CVE-2016-5723 | 1 Huawei | 1 Fusioninsight Hd | 2016-06-27 | 7.2 HIGH | 7.8 HIGH |
| Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors. | |||||
| CVE-2016-1193 | 1 Cybozu | 1 Garoon | 2016-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. | |||||