Total
1752 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5239 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2016-5229 | 1 Atlassian | 1 Bamboo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. | |||||
| CVE-2016-5217 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2016-5206 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. | |||||
| CVE-2016-5192 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages. | |||||
| CVE-2016-5189 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages. | |||||
| CVE-2016-5176 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors. | |||||
| CVE-2016-5173 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 7.1 HIGH |
| The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack. | |||||
| CVE-2016-5144 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143. | |||||
| CVE-2016-5130 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. | |||||
| CVE-2016-5109 | 1 Citrix | 2 Worx Home, Xenmobile Mdx Toolkit | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM |
| Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication. | |||||
| CVE-2016-5104 | 3 Canonical, Libimobiledevice, Opensuse | 5 Ubuntu Linux, Libimobiledevice, Libusbmuxd and 2 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket. | |||||
| CVE-2016-5101 | 2 Microsoft, Opera | 2 Windows, Opera Mail | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message. | |||||
| CVE-2016-5058 | 1 Osram | 1 Lightify Pro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay. | |||||
| CVE-2016-5054 | 1 Osram | 1 Lightify Home | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay. | |||||
| CVE-2016-5026 | 1 Onionshare | 1 Onionshare | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory. | |||||
| CVE-2016-5023 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic. | |||||
| CVE-2016-5022 | 1 F5 | 22 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 19 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic. | |||||
| CVE-2016-5008 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2024-11-21 | 4.3 MEDIUM | 9.8 CRITICAL |
| libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server. | |||||
| CVE-2016-4979 | 1 Apache | 1 Http Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allows remote attackers to bypass intended access restrictions by leveraging the ability to send multiple requests over a single connection and aborting a renegotiation. | |||||