Search Results (414 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-2114 3 Canonical, Redhat, Samba 7 Ubuntu Linux, Enterprise Linux, Rhel Aus and 4 more 2025-04-12 N/A
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.
CVE-2016-3353 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file, aka "Internet Explorer Security Feature Bypass."
CVE-2016-3354 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-12 N/A
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "GDI Information Disclosure Vulnerability."
CVE-2016-3677 1 Huawei 2 Hilink App, Wear App 2025-04-12 N/A
The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.
CVE-2016-3752 1 Google 1 Android 2025-04-12 N/A
internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423.
CVE-2016-4376 2 Broadcom, Hp 2 Fabric Operating System, Storefabric B Series Switch 2025-04-12 N/A
HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-4394 1 Hp 1 System Management Homepage 2025-04-12 N/A
HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue.
CVE-2016-4475 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-12 N/A
The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.
CVE-2016-4500 1 Moxa 2 Uc-7408 Lx-plus, Uc-7408 Lx-plus Firmware 2025-04-12 N/A
Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access.
CVE-2016-6639 2 Cloudfoundry, Pivotal 2 Php-buildpack, Cloud Foundry Elastic Runtime 2025-04-12 7.5 High
Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file.
CVE-2016-6708 1 Google 1 Android 2025-04-12 N/A
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or security setting modifications. Android ID: A-30693465.
CVE-2016-6848 1 Open-xchange 1 Open-xchange Appsuite 2025-04-12 N/A
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution.
CVE-2016-8502 1 Yandex 1 Yandex Browser 2025-04-12 N/A
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
CVE-2016-8503 1 Yandex 1 Yandex Browser 2025-04-12 N/A
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
CVE-2016-9160 1 Siemens 2 Simatic Pcs 7, Simatic Wincc 2025-04-12 N/A
A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions.
CVE-2016-9207 1 Cisco 1 Expressway 2025-04-12 N/A
A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. Known Fixed Releases: X8.9.
CVE-2015-1674 1 Microsoft 5 Windows 8, Windows 8.1, Windows Rt and 2 more 2025-04-12 N/A
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability."
CVE-2015-1266 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests.
CVE-2016-1438 1 Cisco 2 Asyncos, Email Security Appliance Firmware 2025-04-12 N/A
Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210.
CVE-2016-1443 1 Cisco 1 Amp Threat Grid Appliance 2025-04-12 8.1 High
The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample.