Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10717 | 1 Malwarebytes | 1 Malwarebytes Anti-malware | 2024-08-06 | N/A |
| A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP. | ||||
| CVE-2016-10746 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2024-08-06 | N/A |
| libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. | ||||
| CVE-2016-10517 | 1 Redislabs | 1 Redis | 2024-08-06 | N/A |
| networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). | ||||
| CVE-2016-10336 | 1 Google | 1 Android | 2024-08-06 | N/A |
| In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. | ||||
| CVE-2016-10321 | 1 Web2py | 1 Web2py | 2024-08-06 | N/A |
| web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. | ||||
| CVE-2016-10332 | 1 Google | 1 Android | 2024-08-06 | N/A |
| In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications. | ||||
| CVE-2016-10224 | 1 Sauter-controls | 1 Novaweb Web Hmi | 2024-08-06 | 7.2 High |
| An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. | ||||
| CVE-2016-10185 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-08-06 | 7.5 High |
| An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf. | ||||
| CVE-2016-10178 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-08-06 | 9.8 Critical |
| An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command. | ||||
| CVE-2016-10148 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
| The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. | ||||
| CVE-2016-9900 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-06 | N/A |
| External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | ||||
| CVE-2016-9895 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-08-06 | N/A |
| Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | ||||
| CVE-2016-9885 | 1 Pivotal Software | 1 Gemfire For Pivotal Cloud Foundry | 2024-08-06 | N/A |
| An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are terminated at the gorouter, communications from the gorouter to GemFire clusters are unencrypted. An attacker could run any command available on gfsh and could cause denial of service, lost confidentiality of data, escalate privileges, or eavesdrop on other communications between the gorouter and the cluster. | ||||
| CVE-2016-9868 | 1 Emc | 1 Scaleio | 2024-08-06 | N/A |
| An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot. | ||||
| CVE-2016-9865 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-06 | N/A |
| An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | ||||
| CVE-2016-9851 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-06 | N/A |
| An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. | ||||
| CVE-2016-9850 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-06 | N/A |
| An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | ||||
| CVE-2016-9861 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-08-06 | N/A |
| An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | ||||
| CVE-2016-9738 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-08-06 | N/A |
| IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. | ||||
| CVE-2016-9568 | 1 Carbonblack | 1 Carbon Black | 2024-08-06 | N/A |
| A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions. | ||||