Export limit exceeded: 364834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2336 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6531 1 Opendental 1 Opendental 2025-04-12 9.8 Critical
Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction.
CVE-2016-5363 2 Openstack, Redhat 2 Neutron, Openstack 2025-04-12 N/A
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.
CVE-2015-8368 1 Ntop 1 Ntopng 2025-04-12 N/A
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
CVE-2016-5362 2 Openstack, Redhat 2 Neutron, Openstack 2025-04-12 N/A
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.
CVE-2015-8400 2 Fedoraproject, Shellinabox Project 2 Fedora, Shellinabox 2025-04-12 N/A
The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL.
CVE-2015-8801 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.
CVE-2015-8803 4 Canonical, Nettle Project, Opensuse and 1 more 5 Ubuntu Linux, Nettle, Leap and 2 more 2025-04-12 N/A
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
CVE-2015-8804 4 Canonical, Nettle Project, Opensuse and 1 more 5 Ubuntu Linux, Nettle, Leap and 2 more 2025-04-12 N/A
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
CVE-2015-8914 2 Openstack, Redhat 2 Neutron, Openstack 2025-04-12 N/A
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.
CVE-2015-8945 1 Openshift 1 Origin 2025-04-12 N/A
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.
CVE-2016-0019 1 Microsoft 1 Windows 10 2025-04-12 N/A
The Remote Desktop Protocol (RDP) service implementation in Microsoft Windows 10 Gold and 1511 allows remote attackers to bypass intended access restrictions and establish sessions for blank-password accounts via a modified RDP client, aka "Windows Remote Desktop Protocol Security Bypass Vulnerability."
CVE-2016-0287 2 Ibm, Microsoft 2 I Access, Windows 2025-04-12 N/A
IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors.
CVE-2016-0049 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2025-04-12 N/A
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."
CVE-2016-0128 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-12 6.8 Medium
The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK."
CVE-2016-5328 2 Apple, Vmware 2 Mac Os X, Tools 2025-04-12 N/A
VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
CVE-2016-0137 1 Microsoft 1 Office 2025-04-12 N/A
The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."
CVE-2016-0158 1 Microsoft 1 Edge 2025-04-12 N/A
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161.
CVE-2016-0161 1 Microsoft 1 Edge 2025-04-12 N/A
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158.
CVE-2016-0181 1 Microsoft 1 Windows 10 2025-04-12 N/A
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a crafted application, aka "Hypervisor Code Integrity Security Feature Bypass."
CVE-2016-0734 2 Apache, Redhat 3 Activemq, Jboss Amq, Jboss Fuse 2025-04-12 N/A
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.