Total
32235 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-0371 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 High |
| MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute. | ||||
| CVE-2017-0359 | 2 Debian, Reproducible Builds | 2 Debian Linux, Diffoscope | 2024-11-21 | 9.8 Critical |
| diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive. | ||||
| CVE-2016-9652 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 9.8 Critical |
| Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75. | ||||
| CVE-2016-8518 | 1 Hp | 1 Systems Insight Manager | 2024-11-21 | N/A |
| A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | ||||
| CVE-2016-8516 | 1 Hp | 1 Systems Insight Manager | 2024-11-21 | N/A |
| A remote denial of service vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | ||||
| CVE-2016-6813 | 1 Apache | 1 Cloudstack | 2024-11-21 | 9.8 Critical |
| Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources. | ||||
| CVE-2016-5194 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 9.8 Critical |
| Unspecified vulnerabilities in Google Chrome before 54.0.2840.59. | ||||
| CVE-2016-4606 | 2 Apple, Haxx | 2 Mac Os X, Curl | 2024-11-21 | 9.8 Critical |
| Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. | ||||
| CVE-2016-4427 | 1 Zulip | 1 Zulip | 2024-11-21 | 7.5 High |
| In zulip before 1.3.12, deactivated users could access messages if SSO was enabled. | ||||
| CVE-2016-4426 | 1 Zulip | 1 Zulip | 2024-11-21 | 4.3 Medium |
| In zulip before 1.3.12, bot API keys were accessible to other users in the same realm. | ||||
| CVE-2016-20010 | 1 Ewww | 1 Image Optimizer | 2024-11-21 | 10.0 Critical |
| EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5. | ||||
| CVE-2016-20006 | 1 Rest\/json Project | 1 Rest\/json | 2024-11-21 | 7.5 High |
| The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
| CVE-2016-1239 | 1 Debian | 1 Duck | 2024-11-21 | 9.8 Critical |
| duck before 0.10 did not properly handle loading of untrusted code from the current directory. | ||||
| CVE-2016-1203 | 2 Microsoft, Saat | 3 Windows, Netizen, Netizen Installer | 2024-11-21 | 8.1 High |
| Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed. | ||||
| CVE-2016-15024 | 1 Doomsider Shadow Project | 1 Doomsider Shadow | 2024-11-21 | 2.5 Low |
| A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability. | ||||
| CVE-2016-11060 | 1 Netgear | 8 Fvs318g, Fvs318g Firmware, Fvs318n and 5 more | 2024-11-21 | 7.5 High |
| Certain NETGEAR devices are affected by insecure renegotiation. This affects SRX5308 before 2017-02-10, FVS336Gv3 before 2017-02-10, FVS318N before 2017-02-10, and FVS318Gv2 before 2017-02-10. | ||||
| CVE-2016-11056 | 1 Netgear | 1 Readynas Surveillance | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier. | ||||
| CVE-2016-11050 | 1 Samsung | 10 Note2, Note2 Firmware, Note3 and 7 more | 2024-11-21 | 4.3 Medium |
| An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016). | ||||
| CVE-2016-11049 | 1 Google | 1 Android | 2024-11-21 | 9.1 Critical |
| An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IMEI may be retrieved and modified because of an error in managing key information. The Samsung ID is SVE-2016-5435 (March 2016). | ||||
| CVE-2016-10471 | 1 Qualcomm | 16 Sd 425, Sd 425 Firmware, Sd 430 and 13 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, an unsigned RTIC health report susceptible to tampering by malware executing in the context of the HLOS may be requested. | ||||