Total
415 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1520 | 1 Grandstream | 1 Wave | 2024-11-21 | N/A |
| The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application. | ||||
| CVE-2016-10933 | 1 Portaudio Project | 1 Portaudio | 2024-11-21 | N/A |
| An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP. | ||||
| CVE-2016-10932 | 2 Hyper, Microsoft | 2 Hyper, Windows | 2024-11-21 | N/A |
| An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted. | ||||
| CVE-2016-10894 | 2 Debian, Xtrlock Project | 2 Debian Linux, Xtrlock | 2024-11-21 | 4.6 Medium |
| xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger). | ||||
| CVE-2016-10772 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). | ||||
| CVE-2016-10746 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2024-11-21 | N/A |
| libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. | ||||
| CVE-2016-10717 | 1 Malwarebytes | 1 Malwarebytes Anti-malware | 2024-11-21 | N/A |
| A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP. | ||||
| CVE-2016-10552 | 1 Infragistics | 1 Igniteui | 2024-11-21 | N/A |
| igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol. | ||||
| CVE-2016-10517 | 1 Redislabs | 1 Redis | 2024-11-21 | N/A |
| networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). | ||||
| CVE-2016-10443 | 1 Qualcomm | 58 Mdm9206, Mdm9206 Firmware, Mdm9607 and 55 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, packet replay may be possible. | ||||
| CVE-2016-10336 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. | ||||
| CVE-2016-10332 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications. | ||||
| CVE-2016-10321 | 1 Web2py | 1 Web2py | 2024-11-21 | N/A |
| web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. | ||||
| CVE-2016-10224 | 1 Sauter-controls | 1 Novaweb Web Hmi | 2024-11-21 | 7.2 High |
| An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user. | ||||
| CVE-2016-10185 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf. | ||||
| CVE-2016-10178 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command. | ||||
| CVE-2016-10148 | 1 Wordpress | 1 Wordpress | 2024-11-21 | N/A |
| The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. | ||||
| CVE-2016-0332 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-11-21 | N/A |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695. | ||||
| CVE-2016-0274 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | N/A |
| IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to conduct clickjacking attacks via a crafted web site. IBM X-Force ID: 111076. | ||||
| CVE-2015-9331 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | N/A |
| The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. | ||||