Total
12295 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7475 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more | 2024-11-21 | N/A |
| Under some circumstances on BIG-IP 12.0.0-12.1.0, 11.6.0-11.6.1, or 11.4.0-11.5.4 HF1, the Traffic Management Microkernel (TMM) may not properly clean-up pool member network connections when using SPDY or HTTP/2 virtual server profiles. | ||||
| CVE-2016-7472 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | N/A |
| F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to cause a denial of service (DoS) via a crafted HTTP request. | ||||
| CVE-2016-7074 | 2 Debian, Powerdns | 3 Debian Linux, Authoritative, Recursor | 2024-11-21 | N/A |
| An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature. | ||||
| CVE-2016-7073 | 2 Debian, Powerdns | 3 Debian Linux, Authoritative, Recursor | 2024-11-21 | N/A |
| An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack. | ||||
| CVE-2016-7072 | 2 Debian, Powerdns | 2 Debian Linux, Authoritative | 2024-11-21 | N/A |
| An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible. | ||||
| CVE-2016-7069 | 1 Powerdns | 1 Dnsdist | 2024-11-21 | N/A |
| An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash. | ||||
| CVE-2016-7068 | 2 Debian, Powerdns | 3 Debian Linux, Authoritative, Recursor | 2024-11-21 | N/A |
| An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour. | ||||
| CVE-2016-6810 | 1 Apache | 1 Activemq | 2024-11-21 | N/A |
| In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. | ||||
| CVE-2016-6589 | 1 Symantec | 1 It Management Suite | 2024-11-21 | 6.5 Medium |
| A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0. | ||||
| CVE-2016-6586 | 1 Symantec | 1 Norton Mobile Security | 2024-11-21 | 3.7 Low |
| A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist. | ||||
| CVE-2016-6585 | 1 Symantec | 1 Norton Mobile Security | 2024-11-21 | 5.3 Medium |
| A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript. | ||||
| CVE-2016-6567 | 1 Shdesigns | 1 Resident Download Manager | 2024-11-21 | N/A |
| SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications. The Resident Download Manager does not verify that the firmware is authentic before executing code and deploying the firmware to devices. A remote attacker with the ability to send UDP traffic to the device may be able to execute arbitrary code on the device. According to SHDesigns' website, the Resident Download Manager and other Rabbit Tools have been discontinued since June 2011. | ||||
| CVE-2016-6565 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | N/A |
| The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration). | ||||
| CVE-2016-6542 | 1 Ieasytec | 1 Itrackeasy | 2024-11-21 | N/A |
| The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address. | ||||
| CVE-2016-5298 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | N/A |
| A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50. | ||||
| CVE-2016-5294 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A |
| The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | ||||
| CVE-2016-5293 | 3 Debian, Microsoft, Mozilla | 4 Debian Linux, Windows, Firefox and 1 more | 2024-11-21 | N/A |
| When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. | ||||
| CVE-2016-5292 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. | ||||
| CVE-2016-5291 | 3 Debian, Mozilla, Redhat | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2024-11-21 | N/A |
| A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | ||||
| CVE-2016-2983 | 1 Ibm | 1 Tealeaf Customer Experience | 2024-11-21 | N/A |
| IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999. | ||||