Total
324482 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10724 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2024-11-21 | N/A |
| Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain private key that had been known by unintended actors, because of an infinitely sized map. This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. | ||||
| CVE-2016-10723 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle. | ||||
| CVE-2016-10722 | 1 Partclone Project | 1 Partclone | 2024-11-21 | 9.8 Critical |
| partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application. | ||||
| CVE-2016-10721 | 1 Partclone | 1 Partclone | 2024-11-21 | N/A |
| partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application. | ||||
| CVE-2016-10719 | 1 Tp-link | 2 Archer Cr700, Archer Cr700 Firmware | 2024-11-21 | N/A |
| TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password. | ||||
| CVE-2016-10718 | 1 Brave | 1 Brave Browser | 2024-11-21 | N/A |
| Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service. | ||||
| CVE-2016-10717 | 1 Malwarebytes | 1 Malwarebytes Anti-malware | 2024-11-21 | N/A |
| A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP. | ||||
| CVE-2016-10716 | 1 Mail.ru | 1 Calendar | 2024-11-21 | N/A |
| The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI. | ||||
| CVE-2016-10715 | 1 Artezio | 1 Kanban Board | 2024-11-21 | N/A |
| The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7#/kanban-view URI. | ||||
| CVE-2016-10714 | 2 Canonical, Zsh | 2 Ubuntu Linux, Zsh | 2024-11-21 | N/A |
| In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. | ||||
| CVE-2016-10713 | 2 Gnu, Redhat | 2 Patch, Enterprise Linux | 2024-11-21 | N/A |
| An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. | ||||
| CVE-2016-10712 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2024-11-21 | N/A |
| In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker. | ||||
| CVE-2016-10711 | 2 Apsis, Debian | 2 Pound, Debian Linux | 2024-11-21 | N/A |
| Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751. | ||||
| CVE-2016-10710 | 1 Biscom | 1 Secure File Transfer | 2024-11-21 | N/A |
| Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files via crafted requests. Version 5.0.1050 contains the fix. | ||||
| CVE-2016-10709 | 1 Pfsense | 1 Pfsense | 2024-11-21 | N/A |
| pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. | ||||
| CVE-2016-10708 | 5 Canonical, Debian, Netapp and 2 more | 13 Ubuntu Linux, Debian Linux, Cloud Backup and 10 more | 2024-11-21 | N/A |
| sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | ||||
| CVE-2016-10707 | 1 Jquery | 1 Jquery | 2024-11-21 | 7.5 High |
| jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit. | ||||
| CVE-2016-10706 | 1 Automattic | 1 Jetpack | 2024-11-21 | N/A |
| The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link. | ||||
| CVE-2016-10705 | 1 Automattic | 1 Jetpack | 2024-11-21 | N/A |
| The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module. | ||||
| CVE-2016-10698 | 1 Mystem-fix Project | 1 Mystem-fix | 2024-11-21 | N/A |
| mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||