Search Results (2330 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8768 1 Huawei 6 Honor 6, Honor 6 Firmware, Honor 6 Plus and 3 more 2025-04-20 N/A
Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.
CVE-2016-8378 1 Lynxspring 1 Jenesys Bas Bridge 2025-04-20 N/A
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials.
CVE-2016-8329 1 Oracle 1 Peoplesoft Enterprise Peopletools 2025-04-20 N/A
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).
CVE-2016-6271 1 Bzrtp Project 1 Bzrtp 2025-04-20 N/A
The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.
CVE-2016-10224 1 Sauter-controls 1 Novaweb Web Hmi 2025-04-20 7.2 High
An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.
CVE-2017-0774 1 Google 1 Android 2025-04-20 N/A
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844.
CVE-2016-10178 1 Dlink 2 Dwr-932b, Dwr-932b Firmware 2025-04-20 9.8 Critical
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.
CVE-2016-6093 1 Ibm 2 Security Key Lifecycle Manager, Tivoli Key Lifecycle Manager 2025-04-20 N/A
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVE-2016-5411 1 Redhat 2 Enterprise Linux, Quickstart Cloud Installer 2025-04-20 N/A
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
CVE-2016-4721 1 Apple 2 Iphone Os, Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "IDS - Connectivity" component, which allows man-in-the-middle attackers to spoof calls via a "switch caller" notification.
CVE-2016-3130 1 Blackberry 1 Enterprise Service 2025-04-20 N/A
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt.
CVE-2016-9358 1 Marel 44 A320, A320 Firmware, A325 and 41 more 2025-04-20 N/A
A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.
CVE-2017-16727 1 Moxa 4 Nport W2150a, Nport W2150a Firmware, Nport W2250a and 1 more 2025-04-20 N/A
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.
CVE-2016-4890 1 Zohocorp 1 Servicedesk Plus 2025-04-20 N/A
ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie.
CVE-2014-9635 2 Apache, Jenkins 2 Tomcat, Jenkins 2025-04-20 N/A
Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.
CVE-2016-5052 1 Osram 1 Lightify Home 2025-04-20 N/A
OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning.
CVE-2016-5057 1 Osram 1 Lightify Pro 2025-04-20 N/A
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning.
CVE-2016-7541 1 Fortinet 1 Fortios 2025-04-20 N/A
Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.
CVE-2016-10336 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot.
CVE-2016-10332 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications.