Search Results (11736 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8223 2 Lenovo, Microsoft 2 System Interface Foundation, Windows 10 2025-04-12 N/A
During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.
CVE-2016-6198 3 Linux, Oracle, Redhat 5 Linux Kernel, Linux, Vm Server and 2 more 2025-04-12 N/A
The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.
CVE-2016-8279 1 Huawei 7 Honor6, Honor6 Firmware, Honor6 Plus and 4 more 2025-04-12 N/A
The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application.
CVE-2016-5425 3 Apache, Oracle, Redhat 10 Tomcat, Instantis Enterprisetrack, Linux and 7 more 2025-04-12 7.8 High
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2015-5247 2 Canonical, Redhat 2 Ubuntu Linux, Libvirt 2025-04-12 N/A
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
CVE-2016-5383 1 Redhat 2 Cloudforms, Cloudforms Managementengine 2025-04-12 N/A
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."
CVE-2016-5799 1 Moxa 7 Oncell G3001 Firmware, Oncell G3100v2, Oncell G3100v2 Firmware and 4 more 2025-04-12 N/A
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2016-5192 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
CVE-2016-5482 1 Oracle 1 Commerce Guided Search 2025-04-12 N/A
Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.
CVE-2016-5645 1 Rockwellautomation 6 1766-l32awa, 1766-l32awaa, 1766-l32bwa and 3 more 2025-04-12 N/A
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community.
CVE-2014-3053 1 Ibm 5 Security Access Manager For Mobile Appliance, Security Access Manager For Mobile Software, Security Access Manager For Web 8.0 Firmware and 2 more 2025-04-12 N/A
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.
CVE-2016-5700 1 F5 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more 2025-04-12 N/A
Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors.
CVE-2015-7899 1 Joomla 1 Joomla\! 2025-04-12 N/A
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-6317 2 Redhat, Rubyonrails 2 Rhel Software Collections, Rails 2025-04-12 N/A
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
CVE-2016-6144 1 Sap 1 Hana 2025-04-12 N/A
The SQL interface in SAP HANA before Revision 102 does not limit the number of login attempts for the SYSTEM user when the password_lock_for_system_user is not supported or is configured as "False," which makes it easier for remote attackers to bypass authentication via a brute force attack, aka SAP Security Note 2216869.
CVE-2016-6150 1 Sap 1 Hana 2025-04-12 N/A
The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.
CVE-2016-7141 3 Haxx, Opensuse, Redhat 5 Libcurl, Leap, Enterprise Linux and 2 more 2025-04-12 N/A
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
CVE-2014-0348 1 Ontariosystems 4 Artiva Architect, Artiva Healthcare, Artiva Rm and 1 more 2025-04-12 N/A
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding username on a Windows client machine.
CVE-2016-1329 5 Cisco, Samsung, Sun and 2 more 10 Nexus 3048, Nexus 3064, Nexus 3064t and 7 more 2025-04-12 N/A
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.
CVE-2016-1307 2 Zyxel, Zzinc 2 Gs1900-10hp Firmware, Keymouse Firmware 2025-04-12 N/A
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.