Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6271 | 1 Bzrtp Project | 1 Bzrtp | 2025-04-20 | N/A |
| The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception. | ||||
| CVE-2016-7597 | 1 Apple | 1 Iphone Os | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri. | ||||
| CVE-2016-9010 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-20 | N/A |
| IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906. | ||||
| CVE-2015-7269 | 1 Seagate | 2 St500lt015, St500lt015 Firmware | 2025-04-20 | N/A |
| Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack." | ||||
| CVE-2016-3180 | 1 Tor Browser Launcher Project | 1 Tor Browser Launcher | 2025-04-20 | N/A |
| Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature. | ||||
| CVE-2016-10321 | 1 Web2py | 1 Web2py | 2025-04-20 | N/A |
| web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. | ||||
| CVE-2015-8986 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-20 | N/A |
| Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware. | ||||
| CVE-2015-7331 | 1 Puppetlabs | 1 Mcollective-puppet-agent | 2025-04-20 | N/A |
| The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument. | ||||
| CVE-2016-10148 | 1 Wordpress | 1 Wordpress | 2025-04-20 | N/A |
| The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. | ||||
| CVE-2015-9065 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. | ||||
| CVE-2016-5057 | 1 Osram | 1 Lightify Pro | 2025-04-20 | N/A |
| OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning. | ||||
| CVE-2011-2683 | 1 Reseed Project | 1 Reseed | 2025-04-20 | N/A |
| reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack. | ||||
| CVE-2016-5117 | 1 Openntpd | 1 Openntpd | 2025-04-20 | N/A |
| OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate. | ||||
| CVE-2016-1520 | 1 Grandstream | 1 Wave | 2025-04-20 | N/A |
| The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application. | ||||
| CVE-2015-8990 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-20 | N/A |
| Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware. | ||||
| CVE-2016-10178 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2025-04-20 | 9.8 Critical |
| An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command. | ||||
| CVE-2016-4890 | 1 Zohocorp | 1 Servicedesk Plus | 2025-04-20 | N/A |
| ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie. | ||||
| CVE-2016-10224 | 1 Sauter-controls | 1 Novaweb Web Hmi | 2025-04-20 | 7.2 High |
| An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. | ||||
| CVE-2016-4781 | 1 Apple | 1 Iphone Os | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors. | ||||
| CVE-2016-8508 | 1 Yandex | 1 Yandex Browser | 2025-04-20 | 6.5 Medium |
| Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site. | ||||