Search Results (2199 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-2833 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Leap and 1 more 2025-04-12 N/A
Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.
CVE-2016-2846 1 Siemens 2 Simatic S7 1200 Cpu, Simatic S7 Cpu 1200 Firmware 2025-04-12 N/A
Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers to bypass a "user program block" protection mechanism via unspecified vectors.
CVE-2016-2867 1 Ibm 2 Infosphere Streams, Streams 2025-04-12 N/A
IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.
CVE-2016-2881 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters.
CVE-2016-2929 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach.
CVE-2016-2936 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors.
CVE-2016-3749 1 Google 1 Android 2025-04-12 N/A
server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930.
CVE-2016-3752 1 Google 1 Android 2025-04-12 N/A
internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423.
CVE-2016-3946 1 Sap 1 Sapconsole 2025-04-12 N/A
SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461.
CVE-2016-6340 1 Redhat 2 Enterprise Linux, Quickstart Cloud Installer 2025-04-12 N/A
The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.
CVE-2016-6957 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-12 N/A
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.
CVE-2016-7031 2 Ceph Project, Redhat 2 Ceph, Ceph Storage 2025-04-12 N/A
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.
CVE-2016-7796 3 Novell, Redhat, Systemd Project 11 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Server For Sap and 8 more 2025-04-12 N/A
The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
CVE-2016-7959 1 Siemens 1 Simatic Step 7 2025-04-12 N/A
Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack.
CVE-2025-24375 2025-04-11 5 Medium
Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling a SQL DDL or python based mysql-shell scripts can leak database users credentials. The method mysql-operator calls mysql-shell application rely on writing to a temporary script file containing the full URI, with user and password. The file can be read by a unprivileged user during the operator runtime, due it being created with read permissions (0x644). On other cases, when calling mysql cli, for one specific case when creating the operator users, the DDL contains said users credentials, which can be leak through the same mechanism of a temporary file. All versions prior to revision 221 for kubernetes and revision 338 for machine operators.
CVE-2013-4092 1 Imperva 1 Securesphere 2025-04-11 N/A
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessionid field to secsphLogin.jsp or (2) credentials in the j_password parameter to j_acegi_security_check, and reading (a) web-server access logs, (b) web-server Referer logs, or (c) the browser history.
CVE-2013-4114 1 Henri Wahl 1 Nagstamon 2025-04-11 N/A
The automatic update request in Nagstamont before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-5934 1 Open-xchange 1 Open-xchange Appsuite 2025-04-11 N/A
Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.
CVE-2013-6034 6 Gatehouse, Harris, Hughes Network Systems and 3 more 9 Gatehouse, Bgan, 9201 and 6 more 2025-04-11 N/A
The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals has hardcoded credentials, which makes it easier for attackers to obtain unspecified login access via unknown vectors.
CVE-2013-7248 1 Franklinfueling 2 Ts-550 Evo, Ts-550 Evo Firmware 2025-04-11 N/A
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.