Total
409 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10932 | 2 Hyper, Microsoft | 2 Hyper, Windows | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted. | |||||
| CVE-2016-10894 | 2 Debian, Xtrlock Project | 2 Debian Linux, Xtrlock | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger). | |||||
| CVE-2016-10772 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). | |||||
| CVE-2016-10746 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. | |||||
| CVE-2016-10717 | 1 Malwarebytes | 1 Malwarebytes Anti-malware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP. | |||||
| CVE-2016-10552 | 1 Infragistics | 1 Igniteui | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol. | |||||
| CVE-2016-10517 | 1 Redislabs | 1 Redis | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). | |||||
| CVE-2016-10443 | 1 Qualcomm | 58 Mdm9206, Mdm9206 Firmware, Mdm9607 and 55 more | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, packet replay may be possible. | |||||
| CVE-2016-10336 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. | |||||
| CVE-2016-10332 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications. | |||||
| CVE-2016-10321 | 1 Web2py | 1 Web2py | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. | |||||
| CVE-2016-10224 | 1 Sauter-controls | 1 Novaweb Web Hmi | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. | |||||
| CVE-2016-10185 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf. | |||||
| CVE-2016-10178 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command. | |||||
| CVE-2016-10148 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. | |||||
| CVE-2016-1000009 | 1 Tp-link | 1 Tp-link | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. | |||||
| CVE-2016-0950 | 1 Adobe | 1 Connect | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors. | |||||
| CVE-2016-0907 | 1 Emc | 2 Isilon Onefs, Isilonsd Edge Onefs | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115. | |||||
| CVE-2016-0896 | 1 Pivotal Software | 1 Cloud Foundry Elastic Runtime | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address. | |||||
| CVE-2016-0894 | 1 Emc | 1 Rsa Data Loss Prevention | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. | |||||