Search Results (12765 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8394 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197.
CVE-2016-8391 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166.
CVE-2016-9467 2 Nextcloud, Owncloud 2 Nextcloud Server, Owncloud 2025-04-20 N/A
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
CVE-2016-9462 2 Nextcloud, Owncloud 2 Nextcloud Server, Owncloud 2025-04-20 N/A
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions.
CVE-2016-9460 2 Nextcloud, Owncloud 2 Nextcloud, Owncloud 2025-04-20 N/A
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.
CVE-2016-8319 1 Oracle 1 Flexcube Investor Servicing 2025-04-20 N/A
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).
CVE-2016-9124 1 Revive-adserver 1 Revive Adserver 2025-04-20 N/A
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress.
CVE-2016-9122 1 Go-jose Project 1 Go-jose 2025-04-20 N/A
go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the library might mistakenly read protected header values from an attached signature that was different from the one originally validated.
CVE-2016-8316 1 Oracle 1 Flexcube Investor Servicing 2025-04-20 N/A
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts).
CVE-2016-8311 1 Oracle 1 Flexcube Universal Banking 2025-04-20 N/A
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.5 (Confidentiality impacts).
CVE-2016-8309 1 Oracle 1 Flexcube Investor Servicing 2025-04-20 N/A
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts).
CVE-2016-9468 2 Nextcloud, Owncloud 2 Nextcloud Server, Owncloud 2025-04-20 N/A
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.
CVE-2016-9464 1 Nextcloud 1 Nextcloud Server 2025-04-20 N/A
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group.
CVE-2007-6760 1 Dataprobe 2 Ibootbar, Ibootbar Firmware 2025-04-20 N/A
Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.
CVE-2016-9463 2 Nextcloud, Owncloud 2 Nextcloud Server, Owncloud 2025-04-20 N/A
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.
CVE-2017-6526 1 Dnatools 1 Dnalims 2025-04-20 N/A
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
CVE-2016-9461 2 Nextcloud, Owncloud 2 Nextcloud Server, Owncloud 2025-04-20 N/A
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.
CVE-2017-7405 1 Dlink 1 Dir-615 2025-04-20 9.8 Critical
On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim's and router's IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim's router and take over his session as he won't be prompted for credentials.
CVE-2016-8273 1 Huawei 1 Hisuite 2025-04-20 N/A
Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC.
CVE-2016-8236 1 Lenovo 6 Thinkserver Firmware, Thinkserver Rd350, Thinkserver Rd450 and 3 more 2025-04-20 N/A
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77.