Total
324416 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3953 | 1 Web2py | 1 Web2py | 2024-11-21 | N/A |
| The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function. | ||||
| CVE-2016-3952 | 1 Web2py | 1 Web2py | 2024-11-21 | N/A |
| web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access. | ||||
| CVE-2016-3735 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.1 High |
| Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an account providing they know an administrators email address in order to be able to request password reset. | ||||
| CVE-2016-3192 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 6.5 Medium |
| Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files. | ||||
| CVE-2016-3182 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 5.5 Medium |
| The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file. | ||||
| CVE-2016-3131 | 1 Cloudera | 1 Cdh | 2024-11-21 | 6.5 Medium |
| Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. | ||||
| CVE-2016-3098 | 1 Thoughtbot | 1 Administrate | 2024-11-21 | 5.4 Medium |
| Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code. | ||||
| CVE-2016-2983 | 1 Ibm | 1 Tealeaf Customer Experience | 2024-11-21 | N/A |
| IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999. | ||||
| CVE-2016-2922 | 1 Ibm | 1 Rational Clearquest | 2024-11-21 | N/A |
| IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353. | ||||
| CVE-2016-2541 | 1 Audacityteam | 1 Audacity | 2024-11-21 | N/A |
| Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file. | ||||
| CVE-2016-2540 | 1 Audacityteam | 1 Audacity | 2024-11-21 | N/A |
| Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted FORMATCHUNK structure. | ||||
| CVE-2016-2360 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | ||||
| CVE-2016-2359 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. | ||||
| CVE-2016-2358 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. | ||||
| CVE-2016-2357 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | ||||
| CVE-2016-2356 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a buffer overflow in a web application via a long username or password. | ||||
| CVE-2016-2338 | 2 Debian, Ruby-lang | 2 Debian Linux, Ruby | 2024-11-21 | 9.8 Critical |
| An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow. | ||||
| CVE-2016-2169 | 1 Cloudfoundry | 3 Capi-release, Cf-release, Cloud Controller | 2024-11-21 | N/A |
| Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service. | ||||
| CVE-2016-2139 | 1 Kippo-graph Project | 1 Kippo-graph | 2024-11-21 | 6.4 Medium |
| In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php. | ||||
| CVE-2016-2138 | 1 Kippo-graph Project | 1 Kippo-graph | 2024-11-21 | 6.4 Medium |
| In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php. | ||||