Total
4704 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7792 | 1 Ubiquiti Networks | 2 Unifi Ap Ac Lite, Unifi Ap Ac Lite Firmware | 2025-04-20 | N/A |
| Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. | ||||
| CVE-2016-6760 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29617572. References: QC-CR#1055783. | ||||
| CVE-2016-1220 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| Cybozu Garoon before 4.2.2 does not properly restrict access. | ||||
| CVE-2016-1178 | 1 Appleple | 1 A-blog Cms | 2025-04-20 | N/A |
| The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors. | ||||
| CVE-2016-10514 | 1 Piwigo | 1 Piwigo | 2025-04-20 | N/A |
| url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring. | ||||
| CVE-2016-7054 | 1 Openssl | 1 Openssl | 2025-04-20 | N/A |
| In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. | ||||
| CVE-2016-10370 | 1 Oneplus | 2 Oneplus 3t, Oxygenos | 2025-04-20 | N/A |
| An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851. | ||||
| CVE-2016-9817 | 1 Xen | 1 Xen | 2025-04-20 | N/A |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. | ||||
| CVE-2016-10369 | 1 Lxterminal Project | 1 Lxterminal | 2025-04-20 | N/A |
| unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control). | ||||
| CVE-2016-10334 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. | ||||
| CVE-2016-10333 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. | ||||
| CVE-2016-10223 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
| CVE-2016-10193 | 1 Espeak-ruby Project | 1 Espeak-ruby | 2025-04-20 | N/A |
| The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb. | ||||
| CVE-2016-10144 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 9.8 Critical |
| coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check. | ||||
| CVE-2016-10335 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. | ||||
| CVE-2015-7494 | 1 Ibm | 2 Cloud Orchestrator, Smartcloud Orchestrator | 2025-04-20 | N/A |
| A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain. | ||||
| CVE-2016-10026 | 1 Ikiwiki | 1 Ikiwiki | 2025-04-20 | N/A |
| ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made. | ||||
| CVE-2016-4383 | 1 Hp | 1 Helion Openstack Glance | 2025-04-20 | N/A |
| The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change. | ||||
| CVE-2016-0768 | 1 Postgresql | 1 Postgresql | 2025-04-20 | N/A |
| PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. | ||||
| CVE-2016-10237 | 1 Google | 1 Android | 2025-04-20 | N/A |
| If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory. | ||||