Total
2820 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-2014 | 1 Hp | 1 Network Node Manager I | 2024-08-05 | N/A |
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | ||||
CVE-2016-2009 | 1 Hp | 1 Network Node Manager I | 2024-08-05 | N/A |
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | ||||
CVE-2016-1999 | 1 Hp | 1 Release Control | 2024-08-05 | N/A |
The server in HP Release Control 9.13, 9.20, and 9.21 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
CVE-2016-2049 | 1 Janrain | 1 Php-openid | 2024-08-05 | N/A |
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header. | ||||
CVE-2016-2016 | 1 Hp | 4 Base-vxfs-50, Base-vxfs-501, Base-vxfs-51 and 1 more | 2024-08-05 | N/A |
Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and default:user: entries, which allows local users to bypass intended access restrictions by leveraging the configuration of a parent directory. | ||||
CVE-2016-1905 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-08-05 | N/A |
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. | ||||
CVE-2016-1842 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-08-05 | N/A |
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | ||||
CVE-2016-1920 | 1 Samsung | 1 Knox | 2024-08-05 | N/A |
Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service. | ||||
CVE-2016-1908 | 4 Debian, Openbsd, Oracle and 1 more | 10 Debian Linux, Openssh, Linux and 7 more | 2024-08-05 | 9.8 Critical |
The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. | ||||
CVE-2016-1844 | 1 Apple | 1 Mac Os X | 2024-08-05 | N/A |
The Messages component in Apple OS X before 10.11.5 mishandles roster changes, which allows remote attackers to modify contact lists via unspecified vectors. | ||||
CVE-2016-1894 | 1 Netapp | 1 Oncommand Workflow Automation | 2024-08-05 | N/A |
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. | ||||
CVE-2016-1866 | 2 Opensuse, Saltstack | 2 Leap, Salt | 2024-08-05 | N/A |
Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream. | ||||
CVE-2016-1776 | 1 Apple | 1 Mac Os X Server | 2024-08-05 | N/A |
Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DS_Store and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request. | ||||
CVE-2016-1805 | 1 Apple | 1 Mac Os X | 2024-08-05 | N/A |
CoreStorage in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||||
CVE-2016-1797 | 1 Apple | 1 Mac Os X | 2024-08-05 | N/A |
Apple Type Services (ATS) in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app. | ||||
CVE-2016-1806 | 1 Apple | 1 Mac Os X | 2024-08-05 | N/A |
Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||||
CVE-2016-1770 | 1 Apple | 1 Mac Os X | 2024-08-05 | N/A |
The Reminders component in Apple OS X before 10.11.4 allows attackers to bypass an intended user-confirmation requirement and trigger a dialing action via a tel: URL. | ||||
CVE-2016-1782 | 1 Apple | 2 Iphone Os, Safari | 2024-08-05 | N/A |
WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site. | ||||
CVE-2016-1774 | 1 Apple | 1 Mac Os X Server | 2024-08-05 | N/A |
The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions. | ||||
CVE-2016-1760 | 1 Apple | 1 Iphone Os | 2024-08-05 | N/A |
The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app. |