Export limit exceeded: 11354 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11354 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4322 | 1 Bmc | 1 Bladelogic Server Automation Console | 2025-04-12 | N/A |
| BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process. | ||||
| CVE-2016-4369 | 1 Hp | 1 Discovery And Dependency Mapping Inventory | 2025-04-12 | N/A |
| HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2016-4373 | 1 Hp | 1 Operations Manager | 2025-04-12 | N/A |
| The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | ||||
| CVE-2016-4407 | 1 Sap | 1 Sapcryptolib | 2025-04-12 | N/A |
| The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | ||||
| CVE-2016-4422 | 2 Debian, Libpam-sshauth Project | 2 Debian Linux, Libpam-sshauth | 2025-04-12 | 9.8 Critical |
| The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. | ||||
| CVE-2016-5104 | 3 Canonical, Libimobiledevice, Opensuse | 5 Ubuntu Linux, Libimobiledevice, Libusbmuxd and 2 more | 2025-04-12 | N/A |
| The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket. | ||||
| CVE-2016-5101 | 2 Microsoft, Opera | 2 Windows, Opera Mail | 2025-04-12 | N/A |
| Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message. | ||||
| CVE-2016-4432 | 1 Apache | 1 Qpid Broker-j | 2025-04-12 | 9.1 Critical |
| The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging. | ||||
| CVE-2016-4440 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.8 High |
| arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode. | ||||
| CVE-2016-4451 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2025-04-12 | N/A |
| The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization. | ||||
| CVE-2016-4464 | 1 Apache | 1 Cxf Fediz | 2025-04-12 | N/A |
| The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature. | ||||
| CVE-2016-4475 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2025-04-12 | N/A |
| The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors. | ||||
| CVE-2016-4495 | 1 Kmc Controls | 2 Bac-5051e, Bac-5051e Firmware | 2025-04-12 | N/A |
| KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors. | ||||
| CVE-2016-4501 | 1 Envirosys | 1 Esc 8832 Data Controller | 2025-04-12 | N/A |
| Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors. | ||||
| CVE-2016-4502 | 1 Envirosys | 1 Esc 8832 Data Controller | 2025-04-12 | N/A |
| Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. | ||||
| CVE-2016-4503 | 1 Moxa | 2 Device Server Web Console 5232-n, Device Server Web Console 5232-n Firmware | 2025-04-12 | 9.8 Critical |
| Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value. | ||||
| CVE-2016-4510 | 1 Trihedral | 1 Vtscada | 2025-04-12 | N/A |
| The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. | ||||
| CVE-2016-4524 | 1 Abb | 1 Pcm600 | 2025-04-12 | N/A |
| ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. | ||||
| CVE-2016-4531 | 1 Rockwellautomation | 1 Factorytalk Energrymetrix | 2025-04-12 | N/A |
| Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | ||||
| CVE-2016-5086 | 1 Animas | 2 Onetouch Ping, Onetouch Ping Firmware | 2025-04-12 | N/A |
| Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. | ||||