Search Results (11736 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-2012 1 Hp 1 Network Node Manager I 2025-04-12 N/A
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.
CVE-2016-2014 1 Hp 1 Network Node Manager I 2025-04-12 N/A
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
CVE-2016-2048 1 Djangoproject 1 Django 2025-04-12 N/A
Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.
CVE-2016-2049 1 Janrain 1 Php-openid 2025-04-12 N/A
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header.
CVE-2016-2816 1 Mozilla 1 Firefox 2025-04-12 N/A
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.
CVE-2016-2820 1 Mozilla 1 Firefox 2025-04-12 N/A
The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element.
CVE-2016-2854 1 Linux 1 Linux Kernel 2025-04-12 7.8 High
The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
CVE-2016-2853 1 Linux 1 Linux Kernel 2025-04-12 7.8 High
The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
CVE-2016-2860 2 Debian, Openafs 2 Debian Linux, Openafs 2025-04-12 N/A
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
CVE-2016-2874 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2016-2887 2 Ibm, Microsoft 2 Ims Enterprise Suite, .net Framework 2025-04-12 N/A
IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-2929 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach.
CVE-2016-1474 1 Cisco 1 Prime Infrastructure 2025-04-12 N/A
Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434.
CVE-2016-3708 1 Redhat 1 Openshift 2025-04-12 N/A
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
CVE-2016-3713 1 Linux 1 Linux Kernel 2025-04-12 N/A
The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call.
CVE-2016-4373 1 Hp 1 Operations Manager 2025-04-12 N/A
The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
CVE-2016-4407 1 Sap 1 Sapcryptolib 2025-04-12 N/A
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008.
CVE-2016-4963 1 Xen 1 Xen 2025-04-12 N/A
The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
CVE-2016-5101 2 Microsoft, Opera 2 Windows, Opera Mail 2025-04-12 N/A
Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message.
CVE-2016-5109 1 Citrix 2 Worx Home, Xenmobile Mdx Toolkit 2025-04-12 N/A
Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication.