Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2197 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10336 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. | ||||
| CVE-2016-10401 | 1 Zyxel | 2 Pk5001z, Pk5001z Firmware | 2025-04-20 | N/A |
| ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). | ||||
| CVE-2016-3128 | 1 Blackberry | 1 Enterprise Service | 2025-04-20 | N/A |
| A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES. | ||||
| CVE-2016-5052 | 1 Osram | 1 Lightify Home | 2025-04-20 | N/A |
| OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning. | ||||
| CVE-2016-5057 | 1 Osram | 1 Lightify Pro | 2025-04-20 | N/A |
| OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning. | ||||
| CVE-2016-5066 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2025-04-20 | N/A |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user. | ||||
| CVE-2016-5070 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2025-04-20 | N/A |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext. | ||||
| CVE-2016-5091 | 1 Typo3 | 1 Typo3 | 2025-04-20 | N/A |
| Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. | ||||
| CVE-2016-5117 | 1 Openntpd | 1 Openntpd | 2025-04-20 | N/A |
| OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate. | ||||
| CVE-2016-6271 | 1 Bzrtp Project | 1 Bzrtp | 2025-04-20 | N/A |
| The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception. | ||||
| CVE-2016-6815 | 1 Apache | 1 Ranger | 2025-04-20 | N/A |
| In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role. | ||||
| CVE-2016-6904 | 1 Netapp | 1 Vasa Provider | 2025-04-20 | N/A |
| Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials. | ||||
| CVE-2016-8314 | 1 Oracle | 1 Flexcube Core Banking | 2025-04-20 | N/A |
| Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts). | ||||
| CVE-2016-8329 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2025-04-20 | N/A |
| Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). | ||||
| CVE-2016-8375 | 1 Bd | 1 Alaris 8015 Pc Unit | 2025-04-20 | N/A |
| An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection. | ||||
| CVE-2016-8378 | 1 Lynxspring | 1 Jenesys Bas Bridge | 2025-04-20 | N/A |
| An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials. | ||||
| CVE-2017-11818 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2025-04-20 | N/A |
| The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability". | ||||
| CVE-2017-12353 | 1 Cisco | 1 Asyncos | 2025-04-20 | N/A |
| A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass configured user filters to drop the email. The malformed MIME headers may not be RFC compliant. However, some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device. Cisco Bug IDs: CSCvf44666. | ||||
| CVE-2017-6022 | 1 Bd | 2 Kla Journal Service, Performa | 2025-04-20 | N/A |
| A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database. | ||||
| CVE-2012-5010 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-20 | N/A |
| ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x before 9.1.6 Interim, ASA 5555-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5520 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5505 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5525-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5585-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5540 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5515-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5555-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.4.x before 9.4.1 Interim, 9.1.x before 9.1.6 Interim, ASA 5580 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.1.x before 9.1.6 Interim, ASA 5585-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 9.4.x before 9.4.1 Interim, ASA 5525-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP. 9.1.x before 9.1.6 ASA does not check the source of the ARP request or GARP packets for addresses it performs NAT translation for under unspecified conditions. | ||||