Total
4756 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5424 | 3 Debian, Postgresql, Redhat | 5 Debian Linux, Postgresql, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. | ||||
| CVE-2016-1986 | 1 Hp | 1 Continuous Delivery Automation | 2025-04-12 | N/A |
| HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2016-1985 | 2 Hp, Microsoft | 2 Operations Manager, Windows | 2025-04-12 | N/A |
| HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2016-2098 | 3 Debian, Redhat, Rubyonrails | 4 Debian Linux, Rhel Software Collections, Rails and 1 more | 2025-04-12 | N/A |
| Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. | ||||
| CVE-2016-1413 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | N/A |
| The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | ||||
| CVE-2016-2119 | 2 Redhat, Samba | 3 Enterprise Linux, Storage, Samba | 2025-04-12 | 7.5 High |
| libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag. | ||||
| CVE-2016-9949 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2025-04-12 | N/A |
| An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. | ||||
| CVE-2015-8761 | 1 Values Project | 1 Values | 2025-04-12 | N/A |
| The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import. | ||||
| CVE-2015-7905 | 1 Unitronics | 1 Visilogic Oplc Ide | 2025-04-12 | N/A |
| Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. | ||||
| CVE-2015-7729 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892. | ||||
| CVE-2016-0033 | 1 Microsoft | 1 .net Framework | 2025-04-12 | N/A |
| Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability." | ||||
| CVE-2015-6555 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. | ||||
| CVE-2015-5721 | 1 Misp-project | 1 Malware Information Sharing Platform | 2025-04-12 | N/A |
| Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp. | ||||
| CVE-2015-5693 | 1 Symantec | 1 Web Gateway | 2025-04-12 | N/A |
| The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture." | ||||
| CVE-2015-5970 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-12 | N/A |
| The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. | ||||
| CVE-2015-7381 | 1 Refbase | 1 Refbase | 2025-04-12 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary PHP code via the (1) pathToMYSQL or (2) databaseStructureFile parameter, a different issue than CVE-2015-6008. | ||||
| CVE-2016-1000003 | 1 Mirror Manager Project | 1 Mirror Manager | 2025-04-12 | N/A |
| Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code. | ||||
| CVE-2015-5644 | 1 Icz | 1 Matchasns | 2025-04-12 | N/A |
| The installer in ICZ MATCHA SNS before 1.3.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. | ||||
| CVE-2015-5643 | 1 Icz | 1 Matchasns | 2025-04-12 | N/A |
| The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly configure the database, which allows remote attackers to execute arbitrary PHP code via unspecified vectors. | ||||
| CVE-2015-5646 | 1 Cybozu | 1 Garoon | 2025-04-12 | N/A |
| Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. | ||||