Search Results (26990 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8717 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2024-11-21 9.8 Critical
An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices.
CVE-2016-7398 1 Php 1 Ext-http 2024-11-21 9.8 Critical
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests.
CVE-2016-7063 1 Pritunl 1 Pritunl-client 2024-11-21 9.8 Critical
A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation.
CVE-2016-6918 1 Lexmark 1 Markvision Enterprise 2024-11-21 9.8 Critical
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. (
CVE-2016-6813 1 Apache 1 Cloudstack 2024-11-21 9.8 Critical
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.
CVE-2016-5202 5 Apple, Google, Linux and 2 more 5 Macos, Chrome, Linux Kernel and 2 more 2024-11-21 9.1 Critical
browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy.
CVE-2016-5194 2 Google, Redhat 2 Chrome, Rhel Extras 2024-11-21 9.8 Critical
Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.
CVE-2016-4991 1 Nodepdf Project 1 Nodepdf 2024-11-21 9.8 Critical
Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3.0.
CVE-2016-4606 2 Apple, Haxx 2 Mac Os X, Curl 2024-11-21 9.8 Critical
Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
CVE-2016-4401 1 Arubanetworks 1 Clearpass 2024-11-21 9.8 Critical
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials.
CVE-2016-2360 1 Milesight 2 Ip Security Camera, Ip Security Camera Firmware 2024-11-21 9.8 Critical
Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations.
CVE-2016-2359 1 Milesight 2 Ip Security Camera, Ip Security Camera Firmware 2024-11-21 9.8 Critical
Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource.
CVE-2016-2358 1 Milesight 2 Ip Security Camera, Ip Security Camera Firmware 2024-11-21 9.8 Critical
Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts.
CVE-2016-2357 1 Milesight 2 Ip Security Camera, Ip Security Camera Firmware 2024-11-21 9.8 Critical
Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory.
CVE-2016-2356 1 Milesight 2 Ip Security Camera, Ip Security Camera Firmware 2024-11-21 9.8 Critical
Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password.
CVE-2016-2338 2 Debian, Ruby-lang 2 Debian Linux, Ruby 2024-11-21 9.8 Critical
An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow.
CVE-2016-2031 2 Arubanetworks, Siemens 5 Airwave, Aruba Instant, Arubaos and 2 more 2024-11-21 9.8 Critical
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.
CVE-2016-20014 1 Pam Tacplus Project 1 Pam Tacplus 2024-11-21 9.8 Critical
In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
CVE-2016-20010 1 Ewww 1 Image Optimizer 2024-11-21 10.0 Critical
EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5.
CVE-2016-20009 2 Siemens, Windriver 15 Sgt-100, Sgt-100 Firmware, Sgt-200 and 12 more 2024-11-21 9.8 Critical
A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer