Search Results (12622 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-9815 1 Xen 1 Xen 2025-04-20 N/A
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
CVE-2014-8180 2 Mongodb, Redhat 2 Mongodb, Satellite 2025-04-20 N/A
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
CVE-2016-6331 1 Mediawiki 1 Mediawiki 2025-04-20 N/A
ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.
CVE-2017-6722 1 Cisco 1 Unified Contact Center Express 2025-04-20 N/A
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61).
CVE-2016-2403 1 Sensiolabs 1 Symfony 2025-04-20 N/A
Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
CVE-2016-4908 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
CVE-2016-4910 1 Cybozu 1 Garoon 2025-04-20 N/A
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
CVE-2016-10124 1 Linuxcontainers 1 Lxc 2025-04-20 N/A
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.
CVE-2017-17430 1 Sangoma 2 Netborder\/vega Session, Netborder\/vega Session Firmware 2025-04-20 N/A
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.
CVE-2017-16684 1 Sap 1 Business Intelligence Promotion Management Application 2025-04-20 N/A
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
CVE-2016-4863 1 Toshiba 1 Flashair 2025-04-20 N/A
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data.
CVE-2016-4874 1 Cybozu 1 Office 2025-04-20 N/A
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
CVE-2016-5026 1 Onionshare 1 Onionshare 2025-04-20 N/A
hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.
CVE-2016-5750 1 Netiq 1 Access Manager 2025-04-20 N/A
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.
CVE-2016-5791 1 Jantek 2 Jtc-200, Jtc-200 Firmware 2025-04-20 N/A
An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication.
CVE-2016-5801 1 Omnimetrix 1 Omniview 2025-04-20 N/A
An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for the OmniView web application may allow an attacker to gain access by brute forcing account passwords.
CVE-2016-5964 1 Ibm 1 Security Privileged Identity Manager 2025-04-20 N/A
IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVE-2016-5990 1 Ibm 1 Security Privileged Identity Manager 2025-04-20 N/A
IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server.
CVE-2016-6077 1 Ibm 1 Cognos Disclosure Management 2025-04-20 N/A
IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584.
CVE-2016-6089 1 Ibm 1 Websphere Mq 2025-04-20 N/A
IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.