Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0565 | 1 Oracle | 1 Supply Chain Products Suite | 2016-05-18 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Install. | |||||
| CVE-2013-5826 | 1 Oracle | 1 Supply Chain Products Suite | 2016-05-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3 and 6.3.1 allows remote attackers to affect availability via unknown vectors related to Install / Installation. | |||||
| CVE-2011-2326 | 1 Oracle | 2 Jd Edwards Enterpriseone Tools, Jd Edwards Products | 2016-05-18 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-3509, and CVE-2011-3524. | |||||
| CVE-2014-4290 | 1 Oracle | 1 Database Server | 2016-05-18 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477. | |||||
| CVE-2011-2317 | 1 Oracle | 2 Jd Edwards Enterpriseone Tools, Jd Edwards Products | 2016-05-18 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastucture SEC (JDNET). | |||||
| CVE-2013-5813 | 1 Oracle | 1 Fusion Middleware | 2016-05-18 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Content Server. | |||||
| CVE-2011-2321 | 1 Oracle | 2 Jd Edwards Enterpriseone Tools, Jd Edwards Products | 2016-05-18 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDNET). | |||||
| CVE-2011-3514 | 1 Oracle | 2 Jd Edwards Enterpriseone Tools, Jd Edwards Products | 2016-05-18 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastructure SEC (JDENET). | |||||
| CVE-2016-0719 | 2016-05-18 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-0718. Reason: This candidate is a reservation duplicate of CVE-2016-0718. Notes: All CVE users should reference CVE-2016-0718 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-2189 | 2016-05-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4565. Reason: This candidate is a reservation duplicate of CVE-2016-4565. Notes: All CVE users should reference CVE-2016-4565 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-3719 | 2016-05-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2016-1207 | 1 Iodata | 6 Wn-g300r, Wn-g300r2, Wn-g300r2 Firmware and 3 more | 2016-05-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-2456 | 1 Google | 2 Android, Android One | 2016-05-16 | 5.1 MEDIUM | 7.0 HIGH |
| The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187. | |||||
| CVE-2016-2196 | 1 Botan Project | 1 Botan | 2016-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-5726 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2016-05-16 | 5.0 MEDIUM | 7.5 HIGH |
| The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data. | |||||
| CVE-2014-9742 | 1 Botan Project | 1 Botan | 2016-05-16 | 5.0 MEDIUM | 7.5 HIGH |
| The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group. | |||||
| CVE-2016-1236 | 2 Debian, Websvn | 2 Debian Linux, Websvn | 2016-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository. | |||||
| CVE-2016-0390 | 1 Ibm | 1 Algo One | 2016-05-16 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-4561 | 2 Debian, Ikiwiki | 2 Debian Linux, Ikiwiki | 2016-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message. | |||||
| CVE-2016-2060 | 1 Google | 1 Android | 2016-05-16 | 9.3 HIGH | 7.8 HIGH |
| server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application. | |||||