Total: 416 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-0332 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-08-05 | N/A |
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695. | ||||
CVE-2016-0274 | 1 Ibm | 1 Financial Transaction Manager | 2024-08-05 | N/A |
IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allow remote attackers to conduct clickjacking attacks via a crafted web site. IBM X-Force ID: 111076. | ||||
CVE-2016-0287 | 2 Ibm, Microsoft | 2 I Access, Windows | 2024-08-05 | N/A |
IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors. | ||||
CVE-2016-0266 | 1 Ibm | 2 Aix, Vios | 2024-08-05 | N/A |
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2016-0240 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-08-05 | N/A |
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | ||||
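The Guardium entry above is a missing-HSTS finding. A practitioner checking a web console for the same weakness wants more than "is the header present": RFC 6797 requires a `max-age` directive, treats `max-age=0` as an instruction to forget the host, and only honours the header when it arrives over HTTPS. The following is an added example, not Guardium's or IBM's code; the header sets it is run against are constructed for illustration, and the one-year threshold is an assumption taken from common hardening guidance.

```javascript
// Assess whether an HTTP response enables HTTP Strict Transport Security (RFC 6797).
// Added example; not vendor code. Header objects below are constructed samples.

const ONE_YEAR_SECONDS = 31536000; // assumed minimum; adjust to local policy

// Case-insensitive header lookup: header names are not case-sensitive.
function headerValue(headers, name) {
  const want = name.toLowerCase();
  for (const [k, v] of Object.entries(headers)) {
    if (k.toLowerCase() === want) return v;
  }
  return undefined;
}

// Parse a Strict-Transport-Security field value into its directives.
// Returns null when the value is absent or not a valid policy (no max-age,
// or a non-numeric max-age), because a browser ignores such a header.
function parseHsts(value) {
  if (typeof value !== 'string') return null;
  const policy = { maxAge: null, includeSubDomains: false, preload: false };
  for (const raw of value.split(';')) {
    const directive = raw.trim();
    if (!directive) continue;
    const eq = directive.indexOf('=');
    const name = (eq === -1 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    let val = eq === -1 ? null : directive.slice(eq + 1).trim();
    // RFC 6797 permits a quoted-string value, e.g. max-age="31536000".
    if (val && val.length >= 2 && val.startsWith('"') && val.endsWith('"')) {
      val = val.slice(1, -1);
    }
    if (name === 'max-age') {
      if (val === null || !/^\d+$/.test(val)) return null; // malformed: no HSTS
      policy.maxAge = Number(val);
    } else if (name === 'includesubdomains') {
      policy.includeSubDomains = true;
    } else if (name === 'preload') {
      policy.preload = true;
    }
    // Unknown directives are ignored, as the RFC requires.
  }
  if (policy.maxAge === null) return null; // max-age is mandatory
  return policy;
}

// Classify a response's HSTS posture:
//   'missing'  - no usable policy (the Guardium finding above)
//   'disabled' - max-age=0, which tells browsers to drop any cached policy
//   'weak'     - present but shorter than the configured minimum
//   'ok'       - present and long enough
// Note: browsers only act on HSTS received over HTTPS; a plain-HTTP response
// carrying the header changes nothing, so run this against the TLS endpoint.
function assessHsts(headers, minMaxAge = ONE_YEAR_SECONDS) {
  const policy = parseHsts(headerValue(headers, 'Strict-Transport-Security'));
  if (!policy) return 'missing';
  if (policy.maxAge === 0) return 'disabled';
  if (policy.maxAge < minMaxAge) return 'weak';
  return 'ok';
}

// Constructed sample responses (not captured from any real appliance).
const SAMPLE_RESPONSES = {
  noHeader:   { 'Content-Type': 'text/html', 'Server': 'example' },
  good:       { 'strict-transport-security': 'max-age=31536000; includeSubDomains' },
  quotedLow:  { 'Strict-Transport-Security': 'max-age="300"' },
  cleared:    { 'Strict-Transport-Security': 'max-age=0' },
  noMaxAge:   { 'Strict-Transport-Security': 'includeSubDomains; preload' },
};

function assessAll(samples) {
  const out = {};
  for (const [name, headers] of Object.entries(samples)) out[name] = assessHsts(headers);
  return out;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(assessAll(SAMPLE_RESPONSES));
}
```

The `noMaxAge` sample is the case scanners most often get wrong: the header is present, but without `max-age` a browser discards it, so it must be reported as missing rather than weak.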
CVE-2016-0158 | 1 Microsoft | 1 Edge | 2024-08-05 | N/A |
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161. | ||||
CVE-2016-0181 | 1 Microsoft | 1 Windows 10 | 2024-08-05 | N/A |
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a crafted application, aka "Hypervisor Code Integrity Security Feature Bypass." | ||||
CVE-2016-0128 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-08-05 | 6.8 Medium |
The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK." | ||||
CVE-2016-0161 | 1 Microsoft | 1 Edge | 2024-08-05 | N/A |
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158. | ||||
CVE-2016-0137 | 1 Microsoft | 1 Office | 2024-08-05 | N/A |
The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass." | ||||
CVE-2016-0019 | 1 Microsoft | 1 Windows 10 | 2024-08-05 | N/A |
The Remote Desktop Protocol (RDP) service implementation in Microsoft Windows 10 Gold and 1511 allows remote attackers to bypass intended access restrictions and establish sessions for blank-password accounts via a modified RDP client, aka "Windows Remote Desktop Protocol Security Bypass Vulnerability." | ||||
CVE-2017-18462 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). | ||||
CVE-2017-18476 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205). | ||||
CVE-2017-18480 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). | ||||
CVE-2017-18445 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). | ||||
CVE-2017-18477 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). | ||||
CVE-2017-18467 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). | ||||
CVE-2017-18429 | 1 Cpanel | 1 Cpanel | 2024-08-05 | 3.3 Low |
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). | ||||
CVE-2017-13718 | 1 Starry | 2 S00111, S00111 Firmware | 2024-08-05 | N/A |
The HTTP API supported by Starry Station (aka Starry Router) allows brute-forcing the PIN set up by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port-forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called "rodman" that allows the mobile application to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4-based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router's HTTP interface when a user navigates to the attacker's website, and brute-force the credentials. Also, since the device's server sets the Access-Control-Allow-Origin header to "*", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device. | ||||
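The Starry description above combines two weaknesses that are worth separating: a PIN check with no failed-attempt limit (the same class as the ISIM brute-force entry, CVE-2016-0332, at the top of this list), and a wildcard `Access-Control-Allow-Origin` that lets a script on an attacker's page read the router's JSON responses from inside a victim's browser. The following added example is not the Starry "rodman" code and does not reproduce its endpoints; it is a constructed stand-in that models those two behaviours side by side with a hardened variant (failed-attempt lockout, origin-restricted CORS) and drives a PIN guesser against both. The 4-digit PIN, the lockout threshold and the `http://192.168.1.1` allowed origin are assumptions for illustration only.

```javascript
// Constructed simulation of a LAN device's PIN-protected HTTP API.
// Added example; NOT Starry's code and NOT its real API surface.
// request = { pin: string, origin: string|null, client: string }
//   origin: the Origin header a browser would send (null for a non-browser client)
//   client: a stand-in for the requesting IP, used to key the lockout counter

const PIN_LENGTH = 4; // assumption: a 4-digit touch-interface PIN

// Vulnerable model: no attempt limit, and CORS open to every origin.
function makeVulnerableApi(secretPin) {
  return function handle(request) {
    const ok = request.pin === secretPin;
    return {
      status: ok ? 200 : 403,
      headers: { 'Access-Control-Allow-Origin': '*' },
      body: ok ? { authenticated: true, wifi: { ssid: 'constructed-ssid' } }
               : { authenticated: false },
    };
  };
}

// Hardened model: lock the client out after maxFailures wrong PINs, and only
// reflect the one origin the device's own UI is served from.
function makeHardenedApi(secretPin, opts = {}) {
  const maxFailures = opts.maxFailures ?? 5;                    // assumption
  const allowedOrigin = opts.allowedOrigin ?? 'http://192.168.1.1'; // assumption
  const failures = new Map();
  return function handle(request) {
    const headers = {};
    if (request.origin === allowedOrigin) headers['Access-Control-Allow-Origin'] = allowedOrigin;
    const n = failures.get(request.client) || 0;
    if (n >= maxFailures) return { status: 429, headers, body: { error: 'locked' } };
    if (request.pin !== secretPin) {
      failures.set(request.client, n + 1);
      return { status: 403, headers, body: { authenticated: false } };
    }
    failures.delete(request.client);
    return { status: 200, headers, body: { authenticated: true, wifi: { ssid: 'constructed-ssid' } } };
  };
}

// CORS does not stop the browser from SENDING a cross-origin request; it decides
// whether the attacker's script may READ the response (status and body).
// '*' (with no credentials) or an exact match on the page's origin allows the read.
function browserCanReadResponse(response, pageOrigin) {
  const acao = response.headers['Access-Control-Allow-Origin'];
  return acao === '*' || acao === pageOrigin;
}

// Enumerate every PIN of PIN_LENGTH digits against an API model.
// pageOrigin: origin of the hostile page when the guesses go through a victim's
// browser; null when the attacker talks to the device directly (e.g. on the LAN).
function bruteForcePin(api, { pageOrigin = null, client = 'attacker' } = {}) {
  const space = 10 ** PIN_LENGTH;
  for (let i = 0; i < space; i++) {
    const pin = String(i).padStart(PIN_LENGTH, '0');
    const resp = api({ pin, origin: pageOrigin, client });
    if (pageOrigin !== null && !browserCanReadResponse(resp, pageOrigin)) {
      return { found: null, attempts: i + 1, reason: 'cors-blocked' };
    }
    if (resp.status === 429) return { found: null, attempts: i + 1, reason: 'locked' };
    if (resp.status === 200 && resp.body.authenticated) {
      return { found: pin, attempts: i + 1, reason: 'ok' };
    }
  }
  return { found: null, attempts: space, reason: 'exhausted' };
}

if (typeof require !== 'undefined' && require.main === module) {
  const secret = '4821'; // constructed
  console.log('vulnerable, via victim browser:',
    bruteForcePin(makeVulnerableApi(secret), { pageOrigin: 'https://attacker.example' }));
  console.log('hardened, via victim browser:',
    bruteForcePin(makeHardenedApi(secret), { pageOrigin: 'https://attacker.example' }));
  console.log('hardened, direct from LAN:',
    bruteForcePin(makeHardenedApi(secret), { pageOrigin: null, client: '192.168.1.77' }));
}
```

The two defences cover two different attacker positions: restricting CORS stops the drive-by case, where the guesses originate from a victim's browser and the attacker's script needs to read each answer; the lockout counter is what stops an attacker who can reach the device directly and does not care about CORS at all. Either control alone leaves one path open.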
CVE-2017-12353 | 1 Cisco | 1 Asyncos | 2024-08-05 | N/A |
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass user filters configured to drop the email. The malformed MIME headers may not be RFC-compliant; however, some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device. Cisco Bug IDs: CSCvf44666. |