Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1794 1 Apple 1 Mac Os X 2025-04-12 N/A
The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-1798 1 Apple 1 Mac Os X 2025-04-12 N/A
Audio in Apple OS X before 10.11.5 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-1816 1 Apple 1 Mac Os X 2025-04-12 N/A
IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-1821 1 Apple 1 Mac Os X 2025-04-12 N/A
IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-1826 1 Apple 1 Mac Os X 2025-04-12 N/A
Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-2221 1 Wordpress 1 Wordpress 2025-04-12 N/A
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers incorrect hostname parsing, as demonstrated by an https:example.com URL.
CVE-2016-2222 1 Wordpress 1 Wordpress 2025-04-12 N/A
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet of an IPv4 address in the u parameter to wp-admin/press-this.php.
CVE-2016-2232 1 Digium 2 Asterisk, Certified Asterisk 2025-04-12 N/A
Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.
CVE-2016-2271 1 Xen 1 Xen 2025-04-12 N/A
VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.
CVE-2016-2303 1 Ecava 1 Integraxor 2025-04-12 N/A
CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
CVE-2016-2308 1 American Auto-matrix 2 Aspect-matrix Building Automation Front-end Solutions Application, Aspect-nexus Building Automation Front-end Solutions Application 2025-04-12 N/A
American Auto-Matrix Aspect-Nexus Building Automation Front-End Solutions application before 3.0.0 and Aspect-Matrix Building Automation Front-End Solutions application store passwords in cleartext, which allows remote attackers to obtain sensitive information by reading a file.
CVE-2016-2340 1 Graniteds 1 Granite Data Services 2025-04-12 N/A
The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2016-2343 1 Patterson Dental 1 Eaglesoft 2025-04-12 N/A
Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the dba account, which allows remote attackers to obtain sensitive Dental.DB patient information via SQL statements.
CVE-2016-2353 1 Accellion 1 File Transfer Appliance 2025-04-12 N/A
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors.
CVE-2016-2362 1 Fonality 1 Fonality 2025-04-12 N/A
Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection.
CVE-2016-2364 1 Fonality 2 Fonality, Hud Web 2025-04-12 N/A
The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVE-2016-2384 3 Linux, Novell, Redhat 4 Linux Kernel, Suse Linux Enterprise Real Time Extension, Enterprise Linux and 1 more 2025-04-12 N/A
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
CVE-2016-2392 2 Canonical, Qemu 2 Ubuntu Linux, Qemu 2025-04-12 N/A
The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet.
CVE-2016-3039 1 Ibm 1 Traveler 2025-04-12 N/A
IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2016-3116 1 Dropbear Ssh Project 1 Dropbear Ssh 2025-04-12 N/A
CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.