Total
3540 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9905 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox Esr, Thunderbird and 4 more | 2024-11-21 | N/A |
| A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. | ||||
| CVE-2016-9722 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | N/A |
| IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737. | ||||
| CVE-2016-9645 | 1 Ikiwiki | 1 Ikiwiki | 2024-11-21 | N/A |
| The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229. | ||||
| CVE-2016-9599 | 2 Openstack, Redhat | 2 Puppet-tripleo, Openstack | 2024-11-21 | N/A |
| puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources. | ||||
| CVE-2016-8656 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | N/A |
| Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation. | ||||
| CVE-2016-8629 | 1 Redhat | 5 Enterprise Linux Server, Jboss Single Sign On, Keycloak and 2 more | 2024-11-21 | N/A |
| Red Hat Keycloak before version 2.4.0 did not correctly check permissions when handling service account user deletion requests sent to the rest server. An attacker with service account authentication could use this flaw to bypass normal permissions and delete users in a separate realm. | ||||
| CVE-2016-8529 | 1 Hp | 1 Lefthand | 2024-11-21 | N/A |
| A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual 4000 Storage and StoreVirtual VSA Software running LeftHand OS version v12.5 and earlier was found. The problem was resolved in LeftHand OS v12.6 or any subsequent version. | ||||
| CVE-2016-8365 | 1 Osisoft | 4 Pi Af Client, Pi Buffer Subsystem, Pi Data Archive and 1 more | 2024-11-21 | N/A |
| OSIsoft PI System software (Applications using PI Asset Framework (AF) Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit (SDK) versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI Data Archive versions prior to PI Data Archive 2015, Version 3.4.395.64) operates between endpoints without a complete model of endpoint features potentially causing the product to perform actions based on this incomplete model, which could result in a denial of service. OSIsoft reports that in order to exploit the vulnerability an attacker would need to be locally connected to a server. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) | ||||
| CVE-2016-7048 | 1 Postgresql | 1 Postgresql | 2024-11-21 | 8.1 High |
| The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software. | ||||
| CVE-2016-6598 | 1 Bmc | 1 Track-it\! | 2024-11-21 | N/A |
| BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM. | ||||
| CVE-2016-6543 | 1 Ieasytec | 1 Itrack Easy | 2024-11-21 | N/A |
| A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device. | ||||
| CVE-2016-4427 | 1 Zulip | 1 Zulip | 2024-11-21 | 7.5 High |
| In zulip before 1.3.12, deactivated users could access messages if SSO was enabled. | ||||
| CVE-2016-4426 | 1 Zulip | 1 Zulip | 2024-11-21 | 4.3 Medium |
| In zulip before 1.3.12, bot API keys were accessible to other users in the same realm. | ||||
| CVE-2016-1587 | 1 Snapweb | 1 Snapweb | 2024-11-21 | N/A |
| The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store, potentially using system resources without permission from the legitimate administrator of the system. | ||||
| CVE-2016-10860 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). | ||||
| CVE-2016-10857 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). | ||||
| CVE-2016-10856 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). | ||||
| CVE-2016-10852 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | ||||
| CVE-2016-10838 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). | ||||
| CVE-2016-10830 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). | ||||