Export limit exceeded: 11725 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11725 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1905 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2025-04-12 | N/A |
| The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. | ||||
| CVE-2016-1999 | 1 Hp | 1 Release Control | 2025-04-12 | N/A |
| The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2016-1866 | 2 Opensuse, Saltstack | 2 Leap, Salt | 2025-04-12 | N/A |
| Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream. | ||||
| CVE-2016-1844 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. | ||||
| CVE-2016-1842 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | N/A |
| MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | ||||
| CVE-2016-1806 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||||
| CVE-2016-1805 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||||
| CVE-2016-1797 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app. | ||||
| CVE-2016-1782 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. | ||||
| CVE-2016-1776 | 1 Apple | 1 Mac Os X Server | 2025-04-12 | N/A |
| Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. | ||||
| CVE-2016-1774 | 1 Apple | 1 Mac Os X Server | 2025-04-12 | N/A |
| The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. | ||||
| CVE-2016-1770 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. | ||||
| CVE-2016-1329 | 5 Cisco, Samsung, Sun and 2 more | 10 Nexus 3048, Nexus 3064, Nexus 3064t and 7 more | 2025-04-12 | N/A |
| Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800. | ||||
| CVE-2016-1315 | 1 Cisco | 1 Email Security Appliance Firmeware | 2025-04-12 | N/A |
| The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338. | ||||
| CVE-2016-1307 | 2 Zyxel, Zzinc | 2 Gs1900-10hp Firmware, Keymouse Firmware | 2025-04-12 | N/A |
| The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | ||||
| CVE-2016-1302 | 5 Cisco, Samsung, Sun and 2 more | 22 Nexus 92160yc-x, Nexus 92304qc, Nexus 9236c and 19 more | 2025-04-12 | N/A |
| Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. | ||||
| CVE-2016-1301 | 1 Cisco | 2 Asa Cx Context-aware Security Software, Prime Security Manager | 2025-04-12 | N/A |
| The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842. | ||||
| CVE-2016-1279 | 1 Juniper | 1 Junos | 2025-04-12 | N/A |
| J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, and 15.1R before 15.1R3 might allow remote attackers to obtain sensitive information and consequently gain administrative privileges via unspecified vectors. | ||||
| CVE-2016-1278 | 1 Juniper | 1 Junos | 2025-04-12 | N/A |
| Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option. | ||||
| CVE-2016-1240 | 4 Apache, Canonical, Debian and 1 more | 4 Tomcat, Ubuntu Linux, Debian Linux and 1 more | 2025-04-12 | N/A |
| The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out. | ||||