Vulnerabilities (CVE)

Filtered by CWE-284
Total 1749 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9413 1 Mybb 2 Merge System, Mybb 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2016-9412 1 Mybb 2 Merge System, Mybb 2024-11-21 7.5 HIGH 9.8 CRITICAL
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy.
CVE-2016-9378 1 Xen 1 Xen 2024-11-21 2.1 LOW 5.5 MEDIUM
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.
CVE-2016-9368 1 Eaton 1 Xcomfort Ethernet Communication Interface 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating.
CVE-2016-9356 1 Moxa 1 Dacenter 2024-11-21 4.6 MEDIUM 7.8 HIGH
An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue.
CVE-2016-9245 1 F5 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.
CVE-2016-9190 2 Debian, Python 2 Debian Linux, Pillow 2024-11-21 6.8 MEDIUM 7.8 HIGH
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
CVE-2016-9182 1 Exponentcms 1 Exponent Cms 2024-11-21 5.0 MEDIUM 7.5 HIGH
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can use a capitalized method name to bypass the permission check, e.g., controller=expHTMLEditor&action=preview&editor=ckeditor and controller=expHTMLEditor&action=Preview&editor=ckeditor. An anonymous user will be rejected for the former but can access the latter.
CVE-2016-9157 1 Siemens 1 Sicam Pas\/pqs 2024-11-21 7.5 HIGH 9.8 CRITICAL
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.
CVE-2016-9156 1 Siemens 1 Sicam Pas\/pqs 2024-11-21 7.5 HIGH 7.3 HIGH
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.
CVE-2016-9155 1 Siemens 30 Ccid1445-dn18, Ccid1445-dn18 Firmware, Ccid1445-dn28 and 27 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances.
CVE-2016-9122 1 Go-jose Project 1 Go-jose 2024-11-21 5.0 MEDIUM 7.5 HIGH
go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the library might mistakenly read protected header values from an attached signature that was different from the one originally validated.
CVE-2016-9111 1 Citrix 1 Receiver Desktop 2024-11-21 4.6 MEDIUM 6.8 MEDIUM
Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us."
CVE-2016-9016 1 Firejail Project 1 Firejail 2024-11-21 7.2 HIGH 8.8 HIGH
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
CVE-2016-9008 1 Ibm 1 Urbancode Deploy 2024-11-21 5.0 MEDIUM 7.5 HIGH
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.
CVE-2016-9005 1 Ibm 1 System Storage Ts3100-ts3200 Tape Library 2024-11-21 7.5 HIGH 9.8 CRITICAL
IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system.
CVE-2016-8986 1 Ibm 1 Websphere Mq 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.
CVE-2016-8942 1 Ibm 2 Spectrum Control, Tivoli Storage Productivity Center 2024-11-21 3.5 LOW 3.1 LOW
IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.
CVE-2016-8938 1 Ibm 1 Urbancode Deploy 2024-11-21 10.0 HIGH 10.0 CRITICAL
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.
CVE-2016-8932 1 Ibm 1 Kenexa Lms 2024-11-21 6.5 MEDIUM 8.8 HIGH
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.