Export limit exceeded: 365419 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (5697 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8986 1 Ibm 1 Websphere Mq 2025-04-20 N/A
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.
CVE-2016-9005 1 Ibm 1 System Storage Ts3100-ts3200 Tape Library 2025-04-20 N/A
IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system.
CVE-2016-9008 1 Ibm 1 Urbancode Deploy 2025-04-20 N/A
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.
CVE-2016-9016 1 Firejail Project 1 Firejail 2025-04-20 N/A
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
CVE-2016-9639 1 Saltstack 1 Salt 2025-04-20 N/A
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.
CVE-2016-9815 1 Xen 1 Xen 2025-04-20 N/A
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
CVE-2016-9816 1 Xen 1 Xen 2025-04-20 N/A
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
CVE-2016-9817 1 Xen 1 Xen 2025-04-20 N/A
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
CVE-2016-9818 1 Xen 1 Xen 2025-04-20 N/A
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
CVE-2017-1000108 1 Jenkins 1 Pipeline-input-step 2025-04-20 N/A
The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.
CVE-2017-15114 1 Redhat 1 Openstack Platform 2025-04-20 N/A
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes.
CVE-2017-15891 1 Synology 1 Calendar 2025-04-20 N/A
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
CVE-2017-15994 1 Samba 1 Rsync 2025-04-20 N/A
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects.
CVE-2016-4031 1 Samsung 10 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S4 and 7 more 2025-04-20 N/A
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301.
CVE-2016-4030 1 Samsung 10 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S4 and 7 more 2025-04-20 N/A
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.
CVE-2017-16766 1 Synology 1 Diskstation Manager 2025-04-20 N/A
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
CVE-2016-7792 1 Ubiquiti Networks 2 Unifi Ap Ac Lite, Unifi Ap Ac Lite Firmware 2025-04-20 N/A
Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it.
CVE-2017-5254 1 Cambiumnetworks 4 Epmp 1000, Epmp 1000 Firmware, Epmp 2000 and 1 more 2025-04-20 N/A
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.
CVE-2017-6016 1 Leao Consultoria E Desenvolvimento De Sistemas 1 Ltda Me Laquis Scada 2025-04-20 N/A
An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges.
CVE-2017-6866 1 Siemens 1 Xhq Server 2025-04-20 N/A
A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.