Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8508 | 1 Yandex | 1 Yandex Browser | 2025-04-20 | 6.5 Medium |
| Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site. | ||||
| CVE-2016-4781 | 1 Apple | 1 Iphone Os | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors. | ||||
| CVE-2016-7638 | 1 Apple | 1 Iphone Os | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Find My iPhone" component, which allows physically proximate attackers to disable this component by bypassing authentication. | ||||
| CVE-2016-5933 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-20 | N/A |
| IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223. | ||||
| CVE-2016-6497 | 1 Apache | 1 Groovy Ldap | 2025-04-20 | 7.5 High |
| main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods. | ||||
| CVE-2015-6498 | 1 Alcatel-lucent | 1 Home Device Manager | 2025-04-20 | N/A |
| Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices. | ||||
| CVE-2016-10178 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 9.8 Critical |
| An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command. | ||||
| CVE-2015-8986 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-20 | N/A |
| Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware. | ||||
| CVE-2015-5246 | 1 Theforeman | 1 Foreman | 2025-04-20 | N/A |
| The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory. | ||||
| CVE-2016-10224 | 1 Sauter-controls | 1 Novaweb Web Hmi | 2025-04-20 | 7.2 High |
| An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. | ||||
| CVE-2016-1520 | 1 Grandstream | 1 Wave | 2025-04-20 | N/A |
| The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application. | ||||
| CVE-2016-3102 | 1 Jenkins | 1 Script Security | 2025-04-20 | N/A |
| The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations. | ||||
| CVE-2016-3997 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | N/A |
| NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. | ||||
| CVE-2016-4689 | 1 Apple | 1 Iphone Os | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate. | ||||
| CVE-2016-5898 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-20 | N/A |
| IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information. | ||||
| CVE-2016-5949 | 1 Ibm | 1 Kenexa Lcms Premier | 2025-04-20 | N/A |
| IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. | ||||
| CVE-2017-12353 | 1 Cisco | 1 Asyncos | 2025-04-20 | N/A |
| A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass configured user filters to drop the email. The malformed MIME headers may not be RFC compliant. However, some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device. Cisco Bug IDs: CSCvf44666. | ||||
| CVE-2016-6594 | 1 Bluecoat | 3 Advanced Secure Gateway, Cacheflow, Proxysg | 2025-04-20 | N/A |
| Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning. | ||||
| CVE-2010-1776 | 1 Apple | 1 Iphone Os | 2025-04-20 | N/A |
| Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device. | ||||
| CVE-2015-7976 | 4 Novell, Ntp, Opensuse and 1 more | 10 Suse Openstack Cloud, Ntp, Leap and 7 more | 2025-04-20 | N/A |
| The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. | ||||