Total
322963 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3182 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 5.5 Medium |
| The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file. | ||||
| CVE-2016-3131 | 1 Cloudera | 1 Cdh | 2024-11-21 | 6.5 Medium |
| Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. | ||||
| CVE-2016-3098 | 1 Thoughtbot | 1 Administrate | 2024-11-21 | 5.4 Medium |
| Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code. | ||||
| CVE-2016-2983 | 1 Ibm | 1 Tealeaf Customer Experience | 2024-11-21 | N/A |
| IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999. | ||||
| CVE-2016-2922 | 1 Ibm | 1 Rational Clearquest | 2024-11-21 | N/A |
| IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353. | ||||
| CVE-2016-2541 | 1 Audacityteam | 1 Audacity | 2024-11-21 | N/A |
| Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file. | ||||
| CVE-2016-2540 | 1 Audacityteam | 1 Audacity | 2024-11-21 | N/A |
| Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure. | ||||
| CVE-2016-2360 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | ||||
| CVE-2016-2359 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. | ||||
| CVE-2016-2358 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. | ||||
| CVE-2016-2357 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | ||||
| CVE-2016-2356 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. | ||||
| CVE-2016-2338 | 2 Debian, Ruby-lang | 2 Debian Linux, Ruby | 2024-11-21 | 9.8 Critical |
| An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow. | ||||
| CVE-2016-2169 | 1 Cloudfoundry | 3 Capi-release, Cf-release, Cloud Controller | 2024-11-21 | N/A |
| Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service. | ||||
| CVE-2016-2139 | 1 Kippo-graph Project | 1 Kippo-graph | 2024-11-21 | 6.4 Medium |
| In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php. | ||||
| CVE-2016-2138 | 1 Kippo-graph Project | 1 Kippo-graph | 2024-11-21 | 6.4 Medium |
| In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php. | ||||
| CVE-2016-2125 | 2 Redhat, Samba | 10 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 7 more | 2024-11-21 | 6.5 Medium |
| It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. | ||||
| CVE-2016-2124 | 5 Canonical, Debian, Fedoraproject and 2 more | 26 Ubuntu Linux, Debian Linux, Fedora and 23 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | ||||
| CVE-2016-2123 | 1 Samba | 1 Samba | 2024-11-21 | 8.8 High |
| A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation. | ||||
| CVE-2016-2121 | 1 Redhat | 1 Openstack | 2024-11-21 | N/A |
| A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information. | ||||