Export limit exceeded: 346367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25150 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3786 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired devices via a crafted app. | ||||
| CVE-2016-6313 | 4 Canonical, Debian, Gnupg and 1 more | 5 Ubuntu Linux, Debian Linux, Gnupg and 2 more | 2025-04-12 | N/A |
| The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. | ||||
| CVE-2016-6317 | 2 Redhat, Rubyonrails | 2 Rhel Software Collections, Rails | 2025-04-12 | N/A |
| Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155. | ||||
| CVE-2016-6344 | 1 Redhat | 3 Jboss Bpm Suite, Jboss Bpms, Jboss Enterprise Brms Platform | 2025-04-12 | N/A |
| Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. | ||||
| CVE-2016-6345 | 1 Redhat | 1 Resteasy | 2025-04-12 | N/A |
| RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. | ||||
| CVE-2016-6356 | 1 Cisco | 1 Email Security Appliance | 2025-04-12 | N/A |
| A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. | ||||
| CVE-2016-6364 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855. | ||||
| CVE-2016-6358 | 1 Cisco | 1 Email Security Appliance | 2025-04-12 | N/A |
| A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038. | ||||
| CVE-2016-6360 | 1 Cisco | 2 Email Security Appliance, Web Security Appliance | 2025-04-12 | N/A |
| A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233. | ||||
| CVE-2016-6361 | 1 Cisco | 1 Aironet Access Point Software | 2025-04-12 | N/A |
| The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AMPDU header, aka Bug ID CSCuz56288. | ||||
| CVE-2016-6372 | 1 Cisco | 3 Email Security Appliance, Web Security Appliance, Web Security Appliance 8.0.5 | 2025-04-12 | N/A |
| A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. | ||||
| CVE-2016-6374 | 1 Cisco | 1 Cloud Services Platform 2100 | 2025-04-12 | 9.8 Critical |
| Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093. | ||||
| CVE-2016-6379 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | N/A |
| Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote attackers to cause a denial of service (device reload) via crafted IP Detail Record (IPDR) packets, aka Bug ID CSCuu35089. | ||||
| CVE-2016-6380 | 1 Cisco | 6 Ios, Ios Xe, Ios Xe 3.2ja and 3 more | 2025-04-12 | N/A |
| The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532. | ||||
| CVE-2016-6384 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 7.5 High |
| Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257. | ||||
| CVE-2016-6396 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | N/A |
| Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via crafted fields in HTTP headers, aka Bug ID CSCuz44482. | ||||
| CVE-2016-6398 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet data, aka Bug ID CSCvb16274. | ||||
| CVE-2016-6399 | 1 Cisco | 9 Ace 4700 Series Application Control Engine Appliance, Ace 4700 Series Application Control Engine Appliance A1, Ace 4700 Series Application Control Engine Appliance A3 and 6 more | 2025-04-12 | N/A |
| Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317. | ||||
| CVE-2016-6405 | 1 Cisco | 1 Fog Director | 2025-04-12 | N/A |
| Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368. | ||||
| CVE-2016-6410 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| The Cisco Application-hosting Framework (CAF) component in Cisco IOS 15.6(1)T1 and IOS XE, when the IOx feature set is enabled, allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuy19856. | ||||