Search Results (2199 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5933 1 Ibm 1 Tivoli Monitoring 2025-04-20 N/A
IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.
CVE-2016-7584 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using a matching team ID.
CVE-2016-7597 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri.
CVE-2015-3170 1 Selinux Project 1 Selinux 2025-04-20 N/A
selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.
CVE-2016-7601 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible.
CVE-2016-6904 1 Netapp 1 Vasa Provider 2025-04-20 N/A
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.
CVE-2016-3400 1 Netapp 1 Data Ontap 2025-04-20 N/A
NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
CVE-2016-6815 1 Apache 1 Ranger 2025-04-20 N/A
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
CVE-2011-2683 1 Reseed Project 1 Reseed 2025-04-20 N/A
reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack.
CVE-2014-9907 1 Imagemagick 1 Imagemagick 2025-04-20 6.5 Medium
coders/dds.c in ImageMagick allows remote attackers to cause a denial of service via a crafted DDS file.
CVE-2016-6110 3 Ibm, Linux, Microsoft 4 Tivoli Storage Manager, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Kernel and 1 more 2025-04-20 N/A
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
CVE-2017-7913 1 Moxa 12 Oncell 5004-hspa, Oncell 5004-hspa Firmware, Oncell 5104-hsdpa and 9 more 2025-04-20 N/A
A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext.
CVE-2016-7630 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebSheet" component, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors.
CVE-2016-7638 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Find My iPhone" component, which allows physically proximate attackers to disable this component by bypassing authentication.
CVE-2016-5196 1 Google 1 Chrome 2025-04-20 N/A
The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.
CVE-2015-6472 1 Wago 6 750-849, 750-849 Firmware, 750-881 and 3 more 2025-04-20 N/A
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.
CVE-2015-6473 1 Wago 4 750-849, 750-849 Firmware, 758-870 and 1 more 2025-04-20 N/A
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
CVE-2015-6498 1 Alcatel-lucent 1 Home Device Manager 2025-04-20 N/A
Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices.
CVE-2015-6592 1 Huawei 2 Uap2105, Uap2105 Firmware 2025-04-20 N/A
Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.
CVE-2015-8282 1 Seawell Networks 1 Spectrum Sdc 2025-04-20 N/A
SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.