Export limit exceeded: 357710 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10590 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10590 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1559 | 2 D-link, Dlink | 6 Dap-1353 H\/w B1 Firmware, Dap-2553 H\/w A1 Firmware, Dap-3520 H\/w A1 Firmware and 3 more | 2025-04-20 | N/A |
| D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. | ||||
| CVE-2016-1557 | 1 Netgear | 6 Wnap320, Wnap320 Firmware, Wndap350 and 3 more | 2025-04-20 | N/A |
| Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. | ||||
| CVE-2016-1556 | 1 Netgear | 12 Wn604, Wn604 Firmware, Wnap320 and 9 more | 2025-04-20 | N/A |
| Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. | ||||
| CVE-2016-1550 | 2 Ntp, Redhat | 3 Ntp, Enterprise Linux, Rhel Eus | 2025-04-20 | N/A |
| An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. | ||||
| CVE-2017-13810 | 1 Apple | 1 Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters. | ||||
| CVE-2017-13818 | 1 Apple | 1 Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | ||||
| CVE-2015-3277 | 1 Mod Nss Project | 1 Mod Nss | 2025-04-20 | N/A |
| The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring. | ||||
| CVE-2017-13821 | 1 Apple | 1 Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | ||||
| CVE-2017-13822 | 1 Apple | 1 Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | ||||
| CVE-2016-10181 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 7.5 High |
| An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests. | ||||
| CVE-2016-10175 | 1 Netgear | 2 Wnr2000v5, Wnr2000v5 Firmware | 2025-04-20 | N/A |
| The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions. | ||||
| CVE-2016-10143 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-20 | N/A |
| A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. | ||||
| CVE-2016-10140 | 1 Zoneminder | 1 Zoneminder | 2025-04-20 | N/A |
| Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI. | ||||
| CVE-2016-10135 | 1 Lg | 1 Lg Mobile | 2025-04-20 | N/A |
| An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user's outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019. | ||||
| CVE-2016-10073 | 1 Vanillaforums | 1 Vanilla | 2025-04-20 | N/A |
| The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request. | ||||
| CVE-2015-3400 | 1 Zfsonlinux | 1 Zfs | 2025-04-20 | N/A |
| sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files. | ||||
| CVE-2016-10058 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 5.5 Medium |
| Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file. | ||||
| CVE-2016-10047 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. | ||||
| CVE-2016-0382 | 1 Ibm | 1 Tealeaf Consumer Experience | 2025-04-20 | N/A |
| The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356. | ||||
| CVE-2015-3454 | 1 Vulcanjs | 1 Vulcan | 2025-04-20 | N/A |
| TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. | ||||