Search Results (26990 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-20005 1 Rest/json Project 1 Rest/json 2024-11-21 9.8 Critical
The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.
CVE-2016-20004 1 Rest/json Project 1 Rest/json 2024-11-21 9.8 Critical
The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.
CVE-2016-20002 1 Rest/json Project 1 Rest/json 2024-11-21 9.8 Critical
The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.
CVE-2016-20001 1 Rest/json Project 1 Rest/json 2024-11-21 9.8 Critical
The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.
CVE-2016-1239 1 Debian 1 Duck 2024-11-21 9.8 Critical
duck before 0.10 did not properly handle loading of untrusted code from the current directory.
CVE-2016-11074 1 Mattermost 1 Mattermost Server 2024-11-21 9.8 Critical
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
CVE-2016-11064 1 Mattermost 1 Mattermost Desktop 2024-11-21 9.8 Critical
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.
CVE-2016-11061 1 Xerox 50 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 47 more 2024-11-21 9.8 Critical
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.
CVE-2016-11049 1 Google 1 Android 2024-11-21 9.1 Critical
An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IMEI may be retrieved and modified because of an error in managing key information. The Samsung ID is SVE-2016-5435 (March 2016).
CVE-2016-11038 2 Google, Samsung 7 Android, Galaxy Note 3, Galaxy Note 4 and 4 more 2024-11-21 9.8 Critical
An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016).
CVE-2016-11036 1 Google 1 Android 2024-11-21 9.8 Critical
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016).
CVE-2016-11033 1 Google 1 Android 2024-11-21 9.8 Critical
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016).
CVE-2016-11028 2 Google, Samsung 2 Android, Exynos 2024-11-21 9.8 Critical
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016).
CVE-2016-11025 1 Google 1 Android 2024-11-21 9.8 Critical
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-7114 (December 2016).
CVE-2016-11024 1 Odata4j Project 1 Odata4j 2024-11-21 9.8 Critical
odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
CVE-2016-11023 1 Odata4j Project 1 Odata4j 2024-11-21 9.8 Critical
odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
CVE-2016-11020 1 Kunena 1 Kunena 2024-11-21 9.8 Critical
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.
CVE-2016-11018 1 Huge-it 1 Image Gallery 2024-11-21 9.8 Critical
An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback().
CVE-2016-11017 1 Akips 1 Network Monitor 2024-11-21 9.8 Critical
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6.
CVE-2016-11014 1 Netgear 2 Jnr1010, Jnr1010 Firmware 2024-11-21 9.8 Critical
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.