Total
2809 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-9905 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox Esr, Thunderbird and 4 more | 2024-08-06 | N/A |
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. | ||||
CVE-2016-9920 | 1 Roundcube | 1 Webmail | 2024-08-06 | N/A |
steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. | ||||
CVE-2016-9877 | 2 Pivotal Software, Vmware | 2 Rabbitmq, Rabbitmq | 2024-08-06 | N/A |
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected. | ||||
CVE-2016-9816 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. | ||||
CVE-2016-9815 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. | ||||
CVE-2016-9817 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. | ||||
CVE-2016-9818 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP. | ||||
CVE-2016-9838 | 1 Joomla | 1 Joomla\! | 2024-08-06 | N/A |
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task. | ||||
CVE-2016-9836 | 1 Joomla | 1 Joomla\! | 2024-08-06 | N/A |
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types. | ||||
CVE-2016-9835 | 1 Zikula | 1 Zikula Application Framework | 2024-08-06 | N/A |
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file. | ||||
CVE-2016-9599 | 2 Openstack, Redhat | 2 Puppet-tripleo, Openstack | 2024-08-06 | N/A |
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources. | ||||
CVE-2016-9639 | 1 Saltstack | 1 Salt | 2024-08-06 | N/A |
Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | ||||
CVE-2016-9565 | 2 Nagios, Redhat | 3 Nagios, Openstack, Storage | 2024-08-06 | N/A |
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed server. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4796. | ||||
CVE-2016-9468 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-08-06 | N/A |
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. | ||||
CVE-2016-9462 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-08-06 | N/A |
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions. | ||||
CVE-2016-9467 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-08-06 | N/A |
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. | ||||
CVE-2016-9461 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2024-08-06 | N/A |
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files. | ||||
CVE-2016-9460 | 2 Nextcloud, Owncloud | 2 Nextcloud, Owncloud | 2024-08-06 | N/A |
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. | ||||
CVE-2016-9356 | 1 Moxa | 1 Dacenter | 2024-08-06 | N/A |
An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue. | ||||
CVE-2016-9415 | 2 Microsoft, Mybb | 3 Windows, Merge System, Mybb | 2024-08-06 | N/A |
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import." |