Search Results (2330 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5057 1 Osram 1 Lightify Pro 2025-04-20 N/A
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.
CVE-2016-5066 1 Sierrawireless 2 Aleos Firmware, Gx 440 2025-04-20 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
CVE-2016-6497 1 Apache 1 Groovy Ldap 2025-04-20 7.5 High
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
CVE-2016-6815 1 Apache 1 Ranger 2025-04-20 N/A
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
CVE-2016-5070 1 Sierrawireless 2 Aleos Firmware, Gx 440 2025-04-20 N/A
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.
CVE-2016-6904 1 Netapp 1 Vasa Provider 2025-04-20 N/A
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.
CVE-2016-9885 1 Pivotal Software 1 Gemfire For Pivotal Cloud Foundry 2025-04-20 N/A
An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster.
CVE-2016-5933 1 Ibm 1 Tivoli Monitoring 2025-04-20 N/A
IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223.
CVE-2016-5898 1 Ibm 1 Jazz Reporting Service 2025-04-20 N/A
IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2016-4996 1 Redhat 3 Enterprise Linux Server, Satellite, Satellite Capsule 2025-04-20 N/A
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console.
CVE-2016-9868 1 Emc 1 Scaleio 2025-04-20 N/A
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot.
CVE-2016-8962 1 Ibm 1 Bigfix Inventory 2025-04-20 N/A
IBM BigFix Inventory 9.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 118851.
CVE-2016-8964 1 Ibm 2 Bigfix Inventory, License Metric Tool 2025-04-20 N/A
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853.
CVE-2016-8967 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Bigfix Inventory and 4 more 2025-04-20 N/A
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.
CVE-2017-2583 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-20 N/A
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.
CVE-2016-9010 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-20 N/A
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906.
CVE-2016-1520 1 Grandstream 1 Wave 2025-04-20 N/A
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.
CVE-2010-1776 1 Apple 1 Iphone Os 2025-04-20 N/A
Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device.
CVE-2016-9081 1 Joomla 1 Joomla\! 2025-04-20 N/A
Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
CVE-2016-10321 1 Web2py 1 Web2py 2025-04-20 N/A
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.