Total
324652 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10299 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244. | ||||
| CVE-2016-10298 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252. | ||||
| CVE-2016-10258 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code. | ||||
| CVE-2016-10257 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-11-21 | N/A |
| The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. | ||||
| CVE-2016-10256 | 1 Broadcom | 1 Symantec Proxysg | 2024-11-21 | N/A |
| The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257. | ||||
| CVE-2016-10245 | 2 Doxygen, Redhat | 2 Doxygen, Enterprise Linux | 2024-11-21 | N/A |
| Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection. | ||||
| CVE-2016-10236 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418. | ||||
| CVE-2016-10235 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409. | ||||
| CVE-2016-10234 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060. | ||||
| CVE-2016-10233 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452. | ||||
| CVE-2016-10232 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872. | ||||
| CVE-2016-10231 | 1 Google | 1 Android | 2024-11-21 | N/A |
| An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799. | ||||
| CVE-2016-10230 | 1 Google | 1 Android | 2024-11-21 | N/A |
| A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408. | ||||
| CVE-2016-10036 | 1 Jfrog | 1 Artifactory | 2024-11-21 | N/A |
| Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. | ||||
| CVE-2016-10008 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
| SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. | ||||
| CVE-2016-10007 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
| SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. | ||||
| CVE-2016-1000282 | 1 Haraka Project | 1 Haraka | 2024-11-21 | N/A |
| Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection. | ||||
| CVE-2016-1000271 | 1 Dthdevelopment | 1 Dt Register | 2024-11-21 | N/A |
| Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server. | ||||
| CVE-2016-1000237 | 1 Apostrophecms | 1 Sanitize-html | 2024-11-21 | 6.1 Medium |
| sanitize-html before 1.4.3 has XSS. | ||||
| CVE-2016-1000236 | 2 Cookie-signature Project, Debian | 2 Cookie-signature, Debian Linux | 2024-11-21 | 4.4 Medium |
| Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used. | ||||