Export limit exceeded: 24880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4165 | 1 Adobe | 1 Brackets | 2025-04-12 | N/A |
| The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input. | ||||
| CVE-2016-4253 | 1 Adobe | 1 Experience Manager | 2025-04-12 | N/A |
| The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-4324 | 3 Canonical, Debian, Libreoffice | 3 Ubuntu Linux, Debian Linux, Libreoffice | 2025-04-12 | N/A |
| Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. | ||||
| CVE-2016-4332 | 1 Hdfgroup | 1 Hdf5 | 2025-04-12 | N/A |
| The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. | ||||
| CVE-2016-4348 | 3 Debian, Gnome, Opensuse | 4 Debian Linux, Librsvg, Leap and 1 more | 2025-04-12 | N/A |
| The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an SVG document. | ||||
| CVE-2016-4353 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Libksba | 2025-04-12 | N/A |
| ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. | ||||
| CVE-2016-4367 | 1 Hp | 1 Universal Cmbd Foundation | 2025-04-12 | N/A |
| The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-4368 | 1 Hp | 3 Universal Cmbd Configuration Manager, Universal Cmbd Foundation, Universal Discovery | 2025-04-12 | N/A |
| HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration Manager 10.0 through 10.21, and Universal Discovery 10.0 through 10.21 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | ||||
| CVE-2016-4372 | 1 Hp | 6 Intelligent Management Center Application Performance Manager, Intelligent Management Center Branch Intelligent Management System, Intelligent Management Center Endpoint Admission Defense and 3 more | 2025-04-12 | N/A |
| HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | ||||
| CVE-2016-4378 | 1 Hp | 2 Xp7 Command View, Xp 9000 Command View | 2025-04-12 | N/A |
| The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Advanced Edition Suite before 8.4.1-00 allow remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-4420 | 1 Wireshark | 1 Wireshark | 2025-04-12 | N/A |
| The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | ||||
| CVE-2016-4421 | 1 Wireshark | 1 Wireshark | 2025-04-12 | N/A |
| epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. | ||||
| CVE-2016-4431 | 1 Apache | 1 Struts | 2025-04-12 | N/A |
| Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method. | ||||
| CVE-2016-4433 | 1 Apache | 1 Struts | 2025-04-12 | N/A |
| Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request. | ||||
| CVE-2016-4438 | 1 Apache | 1 Struts | 2025-04-12 | N/A |
| The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. | ||||
| CVE-2016-4449 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | ||||
| CVE-2016-4465 | 1 Apache | 1 Struts | 2025-04-12 | N/A |
| The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field. | ||||
| CVE-2016-4476 | 2 Canonical, W1.fi | 3 Ubuntu Linux, Hostapd, Wpa Supplicant | 2025-04-12 | 7.5 High |
| hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. | ||||
| CVE-2016-4474 | 1 Redhat | 2 Openstack, Openstack-director | 2025-04-12 | N/A |
| The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors. | ||||
| CVE-2016-4482 | 4 Canonical, Fedoraproject, Linux and 1 more | 11 Ubuntu Linux, Fedora, Linux Kernel and 8 more | 2025-04-12 | N/A |
| The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. | ||||