Total
12261 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-10788 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). | ||||
CVE-2016-10787 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). | ||||
CVE-2016-10775 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173). | ||||
CVE-2016-10771 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). | ||||
CVE-2016-10770 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). | ||||
CVE-2016-10768 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). | ||||
CVE-2016-10765 | 1 Edx | 1 Edx-platform | 2024-11-21 | 5.3 Medium |
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address. | ||||
CVE-2016-10739 | 3 Gnu, Opensuse, Redhat | 4 Glibc, Leap, Ansible Tower and 1 more | 2024-11-21 | N/A |
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. | ||||
CVE-2016-10728 | 1 Suricata-ids | 1 Suricata | 2024-11-21 | N/A |
An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The toclient inspection will then continue with the wrong rule group. This can lead to missed detection. | ||||
CVE-2016-10718 | 1 Brave | 1 Brave Browser | 2024-11-21 | N/A |
Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service. | ||||
CVE-2016-10712 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2024-11-21 | N/A |
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker. | ||||
CVE-2016-10710 | 1 Biscom | 1 Secure File Transfer | 2024-11-21 | N/A |
Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix. | ||||
CVE-2016-10708 | 5 Canonical, Debian, Netapp and 2 more | 13 Ubuntu Linux, Debian Linux, Cloud Backup and 10 more | 2024-11-21 | N/A |
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | ||||
CVE-2016-10555 | 1 Jwt-simple Project | 1 Jwt-simple | 2024-11-21 | N/A |
Since "algorithm" isn't enforced in jwt.decode() in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants. | ||||
CVE-2016-10544 | 1 Uws Project | 1 Uws | 2024-11-21 | N/A |
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility that the compression used will shrink said 256mb down to less than 16mb of websocket payload, which passes the 16mb payload length check. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8. | ||||
CVE-2016-10543 | 1 Call Project | 1 Call | 2024-11-21 | N/A |
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules. | ||||
CVE-2016-10542 | 1 Ws Project | 1 Ws | 2024-11-21 | N/A |
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. | ||||
CVE-2016-10540 | 1 Minimatch Project | 1 Minimatch | 2024-11-21 | N/A |
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. | ||||
CVE-2016-10539 | 1 Negotiator Project | 1 Negotiator | 2024-11-21 | N/A |
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string. | ||||
CVE-2016-10521 | 1 Jshamcrest Project | 1 Jshamcrest | 2024-11-21 | 7.5 High |
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in to the emailAddress validator. |