Export limit exceeded: 346175 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25144 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25144 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2571 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2025-04-12 | N/A |
| http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | ||||
| CVE-2016-2572 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2025-04-12 | N/A |
| http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | ||||
| CVE-2016-2776 | 4 Hp, Isc, Oracle and 1 more | 10 Hp-ux, Bind, Linux and 7 more | 2025-04-12 | N/A |
| buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | ||||
| CVE-2016-2786 | 1 Puppet | 2 Puppet Agent, Puppet Enterprise | 2025-04-12 | 9.8 Critical |
| The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof brokers and execute arbitrary commands via a crafted certificate. | ||||
| CVE-2016-2813 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. | ||||
| CVE-2016-2830 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses. | ||||
| CVE-2016-2832 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes. | ||||
| CVE-2016-2839 | 3 Ffmpeg, Linux, Mozilla | 3 Ffmpeg, Linux Kernel, Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video. | ||||
| CVE-2016-2841 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2025-04-12 | N/A |
| The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control. | ||||
| CVE-2016-2844 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code. | ||||
| CVE-2016-2845 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp. | ||||
| CVE-2016-2849 | 3 Botan Project, Debian, Fedoraproject | 3 Botan, Debian Linux, Fedora | 2025-04-12 | N/A |
| Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack. | ||||
| CVE-2016-2850 | 2 Botan Project, Fedoraproject | 2 Botan, Fedora | 2025-04-12 | N/A |
| Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | ||||
| CVE-2016-2861 | 1 Ibm | 1 Websphere Extreme Scale | 2025-04-12 | N/A |
| IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2016-2865 | 1 Ibm | 2 Rational Collaborative Lifecycle Management, Rational Team Concert | 2025-04-12 | N/A |
| The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request. | ||||
| CVE-2016-2882 | 1 Ibm | 1 Tririga Application Platform | 2025-04-12 | N/A |
| IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses. | ||||
| CVE-2016-2887 | 2 Ibm, Microsoft | 2 Ims Enterprise Suite, .net Framework | 2025-04-12 | N/A |
| IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | ||||
| CVE-2016-2894 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-12 | N/A |
| IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions. | ||||
| CVE-2016-4706 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. | ||||
| CVE-2016-2923 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | N/A |
| IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified JAX-RS API cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||