Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8624 | 1 Haxx | 1 Curl | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.
|
|||||
| CVE-2016-8612 | 3 Apache, Netapp, Redhat | 3 Http Server, Storage Automation Store, Enterprise Linux | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
|
Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.
|
|||||
| CVE-2016-8611 | 1 Openstack | 1 Glance | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.
|
|||||
| CVE-2016-8535 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | 3.5 LOW | 3.5 LOW |
|
A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found.
|
|||||
| CVE-2016-8530 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A remote denial of service vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.
|
|||||
| CVE-2016-8521 | 1 Hp | 1 Diagnostics | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A Remote click jacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found.
|
|||||
| CVE-2016-7475 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles.
|
|||||
| CVE-2016-7472 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request.
|
|||||
| CVE-2016-7074 | 2 Debian, Powerdns | 3 Debian Linux, Authoritative, Recursor | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.
|
|||||
| CVE-2016-7073 | 2 Debian, Powerdns | 3 Debian Linux, Authoritative, Recursor | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.
|
|||||
| CVE-2016-7072 | 2 Debian, Powerdns | 2 Debian Linux, Authoritative | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accep ...
Show More |
|||||
| CVE-2016-7069 | 1 Powerdns | 1 Dnsdist | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
|
An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash.
|
|||||
| CVE-2016-7068 | 2 Debian, Powerdns | 3 Debian Linux, Authoritative, Recursor | 2024-11-21 | 7.8 HIGH | 5.3 MEDIUM |
|
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted q ...
Show More |
|||||
| CVE-2016-6589 | 1 Symantec | 1 It Management Suite | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0.
|
|||||
| CVE-2016-6586 | 1 Symantec | 1 Norton Mobile Security | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
|
A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist.
|
|||||
| CVE-2016-6585 | 1 Symantec | 1 Norton Mobile Security | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
|
A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript.
|
|||||
| CVE-2016-6567 | 1 Shdesigns | 1 Resident Download Manager | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications. The Resident Download Manager does not verify that the firmware is authentic before executing code and deploying the firmware to devices. A remote attacker with the ability to send UDP traffic to the device may be able to execute arbitrary code on the device. According to SHDesigns' website, t ...
Show More |
|||||
| CVE-2016-6565 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
|
The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration).
|
|||||
| CVE-2016-6542 | 1 Ieasytec | 1 Itrackeasy | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
|
The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address.
|
|||||
| CVE-2016-5298 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50.
|
|||||
| CVE-2016-5292 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.
|
|||||
| CVE-2016-2983 | 1 Ibm | 1 Tealeaf Customer Experience | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999.
|
|||||
| CVE-2016-2125 | 2 Redhat, Samba | 8 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 5 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
|
|||||
| CVE-2016-2031 | 2 Arubanetworks, Siemens | 5 Airwave, Aruba Instant, Arubaos and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple vulnerabilities exists in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass security restrictions, obtain sensitive information, perform unauthorized actions and execute arbitrary code.
|
|||||
| CVE-2016-1586 | 1 Oxide Project | 1 Oxide | 2024-11-21 | 5.0 MEDIUM | 1.8 LOW |
|
A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.
|
|||||
| CVE-2016-11067 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
|
|||||
| CVE-2016-11053 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016).
|
|||||
| CVE-2016-11052 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so in Qjpeg in Qt 5.5 allows memory corruption via a malformed JPEG file. The Samsung ID is SVE-2015-5110 (January 2016).
|
|||||
| CVE-2016-11048 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016).
|
|||||
| CVE-2016-11046 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software. Because of a misused whitelist, attackers can reach the radio layer (aka RIL or RILD) to place calls or send SMS messages. The Samsung ID is SVE-2016-5733 (May 2016).
|
|||||
| CVE-2016-11040 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 (June 2016).
|
|||||
| CVE-2016-11032 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and SVE-2016-7182 (November 2016).
|
|||||
| CVE-2016-11031 | 1 Google | 1 Android | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. AntService allows a system_server crash and reboot. The Samsung ID is SVE-2016-7044 (November 2016).
|
|||||
| CVE-2016-10991 | 1 Imdb-widget Project | 1 Imdb-widget | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion.
|
|||||
| CVE-2016-10960 | 1 Joomlaserviceprovider | 1 Wsecure | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
|
|||||
| CVE-2016-10956 | 1 Mail-masta Project | 1 Mail-masta | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
|
|||||
| CVE-2016-10948 | 1 Post Indexer Project | 1 Post Indexer | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.
|
|||||
| CVE-2016-10930 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.
|
|||||
| CVE-2016-10899 | 1 Fabrix | 1 Total Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability.
|
|||||
| CVE-2016-10858 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
|
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
|
|||||