Total
1749 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9835 | 1 Zikula | 1 Zikula Application Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file. | |||||
| CVE-2016-9818 | 1 Xen | 1 Xen | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP. | |||||
| CVE-2016-9817 | 1 Xen | 1 Xen | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. | |||||
| CVE-2016-9816 | 1 Xen | 1 Xen | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. | |||||
| CVE-2016-9815 | 1 Xen | 1 Xen | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. | |||||
| CVE-2016-9722 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.9 MEDIUM | 4.2 MEDIUM |
| IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737. | |||||
| CVE-2016-9645 | 1 Ikiwiki | 1 Ikiwiki | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. | |||||
| CVE-2016-9639 | 1 Saltstack | 1 Salt | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | |||||
| CVE-2016-9599 | 2 Openstack, Redhat | 2 Puppet-tripleo, Openstack | 2024-11-21 | 6.0 MEDIUM | 7.1 HIGH |
| puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources. | |||||
| CVE-2016-9565 | 1 Nagios | 1 Nagios | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796. | |||||
| CVE-2016-9468 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. | |||||
| CVE-2016-9467 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. | |||||
| CVE-2016-9462 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions. | |||||
| CVE-2016-9461 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files. | |||||
| CVE-2016-9460 | 2 Nextcloud, Owncloud | 2 Nextcloud, Owncloud | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. | |||||
| CVE-2016-9415 | 2 Microsoft, Mybb | 3 Windows, Merge System, Mybb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import." | |||||
| CVE-2016-9413 | 1 Mybb | 2 Merge System, Mybb | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2016-9412 | 1 Mybb | 2 Merge System, Mybb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy. | |||||
| CVE-2016-9378 | 1 Xen | 1 Xen | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery. | |||||
| CVE-2016-9368 | 1 Eaton | 1 Xcomfort Ethernet Communication Interface | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating. | |||||