Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5525 | 1 Oracle | 1 Solaris Cluster | 2025-04-12 | N/A |
| Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files. | ||||
| CVE-2016-5540 | 1 Oracle | 1 Micros Xstore Payment | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality and integrity via unknown vectors. | ||||
| CVE-2016-5702 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. | ||||
| CVE-2016-6493 | 1 Citrix | 2 Xenapp, Xendesktop | 2025-04-12 | N/A |
| Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. | ||||
| CVE-2016-6624 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | ||||
| CVE-2016-6626 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | ||||
| CVE-2016-6628 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | ||||
| CVE-2016-6639 | 2 Cloudfoundry, Pivotal | 2 Php-buildpack, Cloud Foundry Elastic Runtime | 2025-04-12 | 7.5 High |
| Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file. | ||||
| CVE-2016-6708 | 1 Google | 1 Android | 2025-04-12 | N/A |
| An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or security setting modifications. Android ID: A-30693465. | ||||
| CVE-2016-6848 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-12 | N/A |
| An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution. | ||||
| CVE-2016-7031 | 2 Ceph Project, Redhat | 2 Ceph, Ceph Storage | 2025-04-12 | N/A |
| The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. | ||||
| CVE-2016-6957 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | ||||
| CVE-2016-7222 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-12 | N/A |
| Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability." | ||||
| CVE-2016-7281 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | N/A |
| The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability." | ||||
| CVE-2016-7401 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2025-04-12 | N/A |
| The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. | ||||
| CVE-2016-7959 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack. | ||||
| CVE-2016-8502 | 1 Yandex | 1 Yandex Browser | 2025-04-12 | N/A |
| Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | ||||
| CVE-2016-8503 | 1 Yandex | 1 Yandex Browser | 2025-04-12 | N/A |
| Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | ||||
| CVE-2016-8600 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later. | ||||
| CVE-2016-9111 | 1 Citrix | 1 Receiver Desktop | 2025-04-12 | N/A |
| Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us." | ||||