Total
3568 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4426 | 1 Zulip | 1 Zulip | 2024-11-21 | 4.3 Medium |
| In zulip before 1.3.12, bot API keys were accessible to other users in the same realm. | ||||
| CVE-2016-1587 | 1 Snapweb | 1 Snapweb | 2024-11-21 | N/A |
| The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store, potentially using system resources without permission from the legitimate administrator of the system. | ||||
| CVE-2016-10860 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). | ||||
| CVE-2016-10857 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). | ||||
| CVE-2016-10856 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). | ||||
| CVE-2016-10852 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | ||||
| CVE-2016-10838 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). | ||||
| CVE-2016-10830 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). | ||||
| CVE-2016-10820 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). | ||||
| CVE-2016-10802 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). | ||||
| CVE-2016-10799 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). | ||||
| CVE-2016-10792 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141). | ||||
| CVE-2016-10549 | 1 Sailsjs | 1 Sails | 2024-11-21 | N/A |
| Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible. | ||||
| CVE-2016-10472 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, address and size passed to SCM command 'TZ_INFO_GET_SECURE_STATE_LEGACY_ID' from HLOS Kernel were not being checked, so access outside DDR would occur. | ||||
| CVE-2016-10462 | 1 Qualcomm | 46 Sd 410, Sd 410 Firmware, Sd 412 and 43 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, the Access Control policy for HLOS allows access to Slimbus, GPU, GIC resources. | ||||
| CVE-2016-10444 | 1 Qualcomm | 22 Mdm9206, Mdm9206 Firmware, Sd 205 and 19 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, and SD 835, SMMU Access Control Policy was updated to block HLOS from accessing BLSP and BAM resources. | ||||
| CVE-2016-10442 | 1 Qualcomm | 14 Mdm9640, Mdm9640 Firmware, Mdm9650 and 11 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, SDM630, MSM8976, MSM8937, SDM845, MSM8976, and MSM8952, when running module or kernel code with improper access control allowing writing to arbitrary regions of memory, the user may utilize this vector to alter module executable code. | ||||
| CVE-2016-10440 | 1 Qualcomm | 12 Sd 425, Sd 425 Firmware, Sd 430 and 9 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, and SD 650/52, there is improper access control to a bus. | ||||
| CVE-2016-10422 | 1 Qualcomm | 60 Fsm9055, Fsm9055 Firmware, Ipq4019 and 57 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear FSM9055, IPQ4019, MDM9206, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, improper access control in system call leads to unauthorized access. | ||||
| CVE-2016-10418 | 1 Qualcomm | 28 Mdm9206, Mdm9206 Firmware, Mdm9650 and 25 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, HLOS can enable PMIC debug through TCSR_QPDI_DISABLE_CFG due to improper access control. | ||||