CVE-2016-10xxx

There are 969 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2016-10002 Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy ...
S
CVE-2016-10003 Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 throu...
S
CVE-2016-10005 Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via...
E
CVE-2016-10006 In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style w...
S
CVE-2016-10007 SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before ...
E
CVE-2016-10008 SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and...
E
CVE-2016-10009 Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote ...
E S
CVE-2016-10010 sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain soc...
E S
CVE-2016-10011 authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer...
S
CVE-2016-10012 The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before...
S
CVE-2016-10013 Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishan...
S
CVE-2016-10014 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10015 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10016 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10017 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10018 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10019 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10020 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10021 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10022 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10023 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10024 Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (h...
S
CVE-2016-10025 VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka ...
S
CVE-2016-10026 ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page o...
CVE-2016-10027 Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting...
S
CVE-2016-10028 The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built w...
S
CVE-2016-10029 The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulat...
S
CVE-2016-10030 The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x b...
S
CVE-2016-10031 WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissio...
E
CVE-2016-10033 The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attacker...
E S
CVE-2016-10034 The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x,...
E
CVE-2016-10036 Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows...
E
CVE-2016-10037 Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attack...
S
CVE-2016-10038 Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attack...
S
CVE-2016-10039 Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attack...
S
CVE-2016-10040 Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denia...
E S
CVE-2016-10041 An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under cert...
CVE-2016-10042 Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devic...
CVE-2016-10043 An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in ...
E
CVE-2016-10044 The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execu...
S
CVE-2016-10045 The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameter...
E S
CVE-2016-10046 Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 ...
S
CVE-2016-10047 Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows rem...
S
CVE-2016-10048 Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers ...
S
CVE-2016-10049 Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows re...
S
CVE-2016-10050 Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allow...
S
CVE-2016-10051 Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 all...
S
CVE-2016-10052 Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows r...
S
CVE-2016-10053 The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers t...
S
CVE-2016-10054 Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows r...
S
CVE-2016-10055 Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows r...
S
CVE-2016-10056 Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows ...
S
CVE-2016-10057 Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allo...
S
CVE-2016-10058 Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remot...
S
CVE-2016-10059 Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a de...
S
CVE-2016-10060 The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not ch...
S
CVE-2016-10061 The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the retu...
S
CVE-2016-10062 The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the ...
CVE-2016-10063 Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a de...
S
CVE-2016-10064 Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a de...
S
CVE-2016-10065 The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to...
S
CVE-2016-10066 Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows ...
S
CVE-2016-10067 magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (...
S
CVE-2016-10068 The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of servi...
S
CVE-2016-10069 coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (app...
S
CVE-2016-10070 Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 ...
S
CVE-2016-10071 coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out...
S
CVE-2016-10072 WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modif...
E
CVE-2016-10073 The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attacke...
E S
CVE-2016-10074 The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remo...
E S
CVE-2016-10075 The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary cod...
CVE-2016-10079 SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (servic...
E
CVE-2016-10081 /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrar...
E
CVE-2016-10082 include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and...
S
CVE-2016-10083 Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote a...
S
CVE-2016-10084 admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduc...
S
CVE-2016-10085 admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct Fi...
S
CVE-2016-10086 RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow...
S
CVE-2016-10087 The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, ...
CVE-2016-10088 The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in...
S
CVE-2016-10089 Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Na...
CVE-2016-10091 Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-se...
S
CVE-2016-10092 Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7...
E S
CVE-2016-10093 Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4,...
E S
CVE-2016-10094 Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 a...
E S
CVE-2016-10095 Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0....
E
CVE-2016-10096 SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to exec...
CVE-2016-10097 XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Manag...
CVE-2016-10098 An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injecti...
CVE-2016-10099 Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the...
M
CVE-2016-10100 Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed duri...
M
CVE-2016-10101 Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users h...
CVE-2016-10102 hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption ...
CVE-2016-10103 Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of t...
CVE-2016-10104 Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read...
CVE-2016-10105 admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to in...
S
CVE-2016-10106 Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2,...
S
CVE-2016-10107 Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 ...
E
CVE-2016-10108 Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 ...
E
CVE-2016-10109 Use-after-free vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause denial of...
CVE-2016-10112 Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows...
CVE-2016-10114 SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1...
E
CVE-2016-10115 NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_...
M
CVE-2016-10116 NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_...
M
CVE-2016-10117 Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demons...
CVE-2016-10118 Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /....
CVE-2016-10119 Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges....
CVE-2016-10120 Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock,...
CVE-2016-10121 Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local us...
CVE-2016-10122 Firejail does not properly clean environment variables, which allows local users to gain privileges....
CVE-2016-10123 Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privil...
CVE-2016-10124 An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lx...
S
CVE-2016-10125 D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows ...
E M
CVE-2016-10126 Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x...
M
CVE-2016-10127 PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML ...
S
CVE-2016-10128 Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protoc...
S
CVE-2016-10129 The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attac...
S
CVE-2016-10130 The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 mig...
S
CVE-2016-10131 system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary ...
S
CVE-2016-10132 regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer ...
S
CVE-2016-10133 Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJ...
S
CVE-2016-10134 SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to ...
E S
CVE-2016-10135 An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0...
CVE-2016-10136 An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider name...
CVE-2016-10137 An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider name...
CVE-2016-10138 An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The c...
CVE-2016-10139 An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names inv...
CVE-2016-10140 Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server conf...
CVE-2016-10141 An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Softwa...
CVE-2016-10142 An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) mes...
CVE-2016-10143 A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a tar...
S
CVE-2016-10144 coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missin...
S
CVE-2016-10145 Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact v...
S
CVE-2016-10146 Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers t...
S
CVE-2016-10147 crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (...
S
CVE-2016-10148 The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 mak...
S
CVE-2016-10149 XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read...
S
CVE-2016-10150 Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the L...
S
CVE-2016-10151 The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether...
S
CVE-2016-10152 The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" de...
S
CVE-2016-10153 The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CON...
S
CVE-2016-10154 The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorr...
S
CVE-2016-10155 Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privile...
S
CVE-2016-10156 A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when u...
E S
CVE-2016-10157 Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supp...
CVE-2016-10158 The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, a...
S
CVE-2016-10159 Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0...
S
CVE-2016-10160 Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0...
S
CVE-2016-10161 The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7....
S
CVE-2016-10162 The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1...
S
CVE-2016-10163 Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrendere...
S
CVE-2016-10164 Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions o...
S
CVE-2016-10165 The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain...
S
CVE-2016-10166 Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Lib...
S
CVE-2016-10167 The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4...
S
CVE-2016-10168 Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attack...
S
CVE-2016-10169 The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a de...
E S
CVE-2016-10170 The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause ...
E S
CVE-2016-10171 The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to...
E S
CVE-2016-10172 The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to...
E S
CVE-2016-10173 Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for R...
E S
CVE-2016-10174 The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoki...
KEV E
CVE-2016-10175 The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_s...
E S
CVE-2016-10176 The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the ap...
E S
CVE-2016-10177 An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide ...
E
CVE-2016-10178 An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sb...
E
CVE-2016-10179 An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607....
E
CVE-2016-10180 An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0))...
E
CVE-2016-10181 An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for Cfg...
E
CVE-2016-10182 An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` charac...
E
CVE-2016-10183 An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ trav...
E
CVE-2016-10184 An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f travers...
E
CVE-2016-10185 An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnp...
E
CVE-2016-10186 An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules....
E
CVE-2016-10187 The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a craft...
E S
CVE-2016-10188 Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial...
S
CVE-2016-10189 BitlBee before 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference an...
S
CVE-2016-10190 Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x ...
S
CVE-2016-10191 Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1...
S
CVE-2016-10192 Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3...
S
CVE-2016-10193 The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via ...
S
CVE-2016-10194 The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metac...
S
CVE-2016-10195 The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have uns...
E S
CVE-2016-10196 Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent befor...
E S
CVE-2016-10197 The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a de...
E S
CVE-2016-10198 The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GSt...
S
CVE-2016-10199 The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer befor...
S
CVE-2016-10200 Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local...
S
CVE-2016-10201 Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to i...
E
CVE-2016-10202 Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to i...
E
CVE-2016-10203 Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to i...
E
CVE-2016-10204 SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitr...
E
CVE-2016-10205 Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web ...
E
CVE-2016-10206 Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attacke...
E
CVE-2016-10207 The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory acc...
E S
CVE-2016-10208 The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly ...
S
CVE-2016-10209 The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote a...
E S
CVE-2016-10210 libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer der...
E S
CVE-2016-10211 libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free...
E S
CVE-2016-10212 Radware devices use the same value for the first two GCM nonces, which allows remote attackers to ob...
CVE-2016-10213 A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generation...
CVE-2016-10214 Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local...
S
CVE-2016-10215 An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exist...
CVE-2016-10216 An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to in...
E
CVE-2016-10217 The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote a...
E S
CVE-2016-10218 The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artife...
E S
CVE-2016-10219 The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote att...
E S
CVE-2016-10220 The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 al...
E S
CVE-2016-10221 The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attack...
E
CVE-2016-10222 runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Rele...
CVE-2016-10223 An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient f...
S
CVE-2016-10224 An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that ...
M
CVE-2016-10225 The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users...
E S
CVE-2016-10226 JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote atta...
CVE-2016-10227 Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial o...
E S
CVE-2016-10228 The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with mult...
CVE-2016-10229 udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traff...
S
CVE-2016-10230 A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: And...
CVE-2016-10231 An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versio...
CVE-2016-10232 An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: An...
CVE-2016-10233 An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: An...
CVE-2016-10234 An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Andr...
CVE-2016-10235 A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android k...
CVE-2016-10236 An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Andr...
CVE-2016-10237 If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a ...
S
CVE-2016-10238 In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be by...
S
CVE-2016-10239 In TrustZone access control policy may potentially be bypassed in all Android releases from CAF usin...
S
CVE-2016-10242 A time-of-check time-of-use race condition could potentially exist in the secure file system in all ...
S
CVE-2016-10243 TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in s...
E S
CVE-2016-10244 The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a fon...
E S
CVE-2016-10245 Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead ...
S
CVE-2016-10246 Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF be...
S
CVE-2016-10247 Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. Mu...
S
CVE-2016-10248 The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to c...
E S
CVE-2016-10249 Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows re...
E S
CVE-2016-10250 The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to caus...
E S
CVE-2016-10251 Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows rem...
E S
CVE-2016-10252 Memory leak in the IsOptionMember function in MagickCore/option.c in ImageMagick before 6.9.2-2, as ...
S
CVE-2016-10253 An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is v...
CVE-2016-10254 The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a de...
CVE-2016-10255 The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote att...
CVE-2016-10256 The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is ...
CVE-2016-10257 The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6....
CVE-2016-10258 Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG man...
CVE-2016-10259 Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susce...
CVE-2016-10266 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and applica...
S
CVE-2016-10267 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and applica...
S
CVE-2016-10268 tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underf...
S
CVE-2016-10269 LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4b...
S
CVE-2016-10270 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or ...
S
CVE-2016-10271 tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based b...
S
CVE-2016-10272 LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or p...
S
CVE-2016-10273 Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) versio...
CVE-2016-10274 An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local mali...
S
CVE-2016-10275 An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious ap...
S
CVE-2016-10276 An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious ap...
S
CVE-2016-10277 An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious ap...
E S
CVE-2016-10280 An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local maliciou...
S
CVE-2016-10281 An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local maliciou...
S
CVE-2016-10282 An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local maliciou...
S
CVE-2016-10283 An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious ...
S
CVE-2016-10284 An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious ...
S
CVE-2016-10285 An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious ...
S
CVE-2016-10286 An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious ...
S
CVE-2016-10287 An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious ...
S
CVE-2016-10288 An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious ap...
S
CVE-2016-10289 An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious...
S
CVE-2016-10290 An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local ma...
S
CVE-2016-10291 An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local maliciou...
S
CVE-2016-10292 A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to ...
S
CVE-2016-10293 An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious ...
S
CVE-2016-10294 An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious ...
S
CVE-2016-10295 An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious ap...
S
CVE-2016-10296 An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local ma...
CVE-2016-10297 In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Ra...
S
CVE-2016-10298 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers...
CVE-2016-10299 An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Vers...
CVE-2016-10304 The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause...
CVE-2016-10305 Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < ...
E
CVE-2016-10306 Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234...
CVE-2016-10307 Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a b...
E
CVE-2016-10308 Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with ...
E
CVE-2016-10309 In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authenticat...
CVE-2016-10310 Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly...
CVE-2016-10311 Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a deni...
CVE-2016-10312 Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) versi...
E
CVE-2016-10313 Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) versi...
E
CVE-2016-10314 Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) versi...
E
CVE-2016-10315 Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) versi...
E
CVE-2016-10316 Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) versi...
E
CVE-2016-10317 The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. Ghostscript 9.20...
E S
CVE-2016-10318 A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ex...
S
CVE-2016-10319 In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpecte...
S
CVE-2016-10320 textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process fu...
E S
CVE-2016-10321 web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowin...
S
CVE-2016-10322 Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary ...
E
CVE-2016-10323 Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid ex...
E
CVE-2016-10324 In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osi...
S
CVE-2016-10325 In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the _os...
S
CVE-2016-10326 In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osi...
S
CVE-2016-10327 LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow rela...
S
CVE-2016-10328 FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow relat...
S
CVE-2016-10329 Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remo...
E
CVE-2016-10330 Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo S...
E
CVE-2016-10331 Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows...
E
CVE-2016-10332 In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure...
CVE-2016-10333 In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be c...
CVE-2016-10334 In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could po...
CVE-2016-10335 In all Android releases from CAF using the Linux kernel, libtomcrypt was updated....
CVE-2016-10336 In all Android releases from CAF using the Linux kernel, some regions of memory were not protected d...
CVE-2016-10337 In all Android releases from CAF using the Linux kernel, some validation of secure applications was ...
CVE-2016-10338 In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processi...
CVE-2016-10339 In all Android releases from CAF using the Linux kernel, HLOS can overwrite secure memory or read con...
CVE-2016-10340 In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer over...
CVE-2016-10341 In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than int...
CVE-2016-10342 In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a...
CVE-2016-10343 In all Qualcomm products with Android releases from CAF using the Linux kernel, SSL handshake failur...
CVE-2016-10344 In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of...
CVE-2016-10345 In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-mod...
S
CVE-2016-10346 In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow ...
CVE-2016-10347 In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hyp...
CVE-2016-10349 The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to caus...
S
CVE-2016-10350 The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive ...
S
CVE-2016-10351 Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users ...
S
CVE-2016-10352 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10353 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10354 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10355 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10356 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10357 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10358 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10359 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10360 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10361 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-10362 Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffin...
CVE-2016-10363 Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting ma...
CVE-2016-10364 With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to ...
CVE-2016-10365 Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an atta...
CVE-2016-10366 Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (X...
CVE-2016-10367 In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, an...
E
CVE-2016-10368 Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, ...
E
CVE-2016-10369 unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local us...
S
CVE-2016-10370 An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed...
E
CVE-2016-10371 The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote a...
CVE-2016-10372 The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to...
E
CVE-2016-10373 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10214. Reason: This candid...
R
CVE-2016-10374 perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies o...
CVE-2016-10375 Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c....
S
CVE-2016-10376 Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension...
S
CVE-2016-10377 In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the ...
S
CVE-2016-10378 e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to...
E
CVE-2016-10379 The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authentica...
E
CVE-2016-10380 In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unpr...
CVE-2016-10381 In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unpr...
CVE-2016-10382 In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to th...
CVE-2016-10383 In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU ra...
CVE-2016-10384 In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was pot...
CVE-2016-10385 In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vul...
CVE-2016-10386 In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out o...
CVE-2016-10387 In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was pot...
CVE-2016-10388 In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vuln...
CVE-2016-10389 In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size che...
S
CVE-2016-10390 In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a f...
CVE-2016-10391 In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI...
CVE-2016-10392 In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potenti...
CVE-2016-10393 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Li...
CVE-2016-10394 Improper Authentication in Core
CVE-2016-10395 In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Servi...
CVE-2016-10396 The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity atta...
CVE-2016-10397 In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL ...
S
CVE-2016-10398 Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic ...
CVE-2016-10399 Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an u...
CVE-2016-10400 Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/user...
E
CVE-2016-10401 ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers t...
E
CVE-2016-10402 Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM ...
CVE-2016-10403 Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed ...
CVE-2016-10404 XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundati...
S
CVE-2016-10405 Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 ...
CVE-2016-10406 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9650, ...
CVE-2016-10407 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD...
CVE-2016-10408 Improper Access Control in Core.
CVE-2016-10409 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10410 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10411 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD...
CVE-2016-10412 In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon ...
CVE-2016-10413 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-10414 In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon ...
CVE-2016-10415 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10416 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10417 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10418 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10419 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, ...
CVE-2016-10420 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10421 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10422 In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon ...
CVE-2016-10423 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10424 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10425 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10426 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10427 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10428 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10429 In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon ...
CVE-2016-10430 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10431 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10432 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10433 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10434 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10435 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10436 In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon ...
CVE-2016-10437 In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon ...
CVE-2016-10438 In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon ...
CVE-2016-10439 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10440 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 425, S...
CVE-2016-10441 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10442 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9640, ...
CVE-2016-10443 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10444 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10445 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10446 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10447 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10448 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10449 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10450 In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon ...
CVE-2016-10451 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10452 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10453 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-10454 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 425, S...
CVE-2016-10455 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10456 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10457 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10458 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD...
CVE-2016-10459 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10460 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 835, S...
CVE-2016-10461 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9650, ...
CVE-2016-10462 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10463 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-10464 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10465 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-10466 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10467 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10468 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-10469 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10470 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-10471 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10472 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10473 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10474 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10475 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD...
CVE-2016-10476 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10477 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD...
CVE-2016-10478 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 617, i...
CVE-2016-10479 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, ...
CVE-2016-10480 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10481 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10482 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10483 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12...
CVE-2016-10484 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10485 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10486 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and S...
CVE-2016-10487 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10488 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-10489 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, l...
CVE-2016-10490 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10491 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10492 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10493 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10494 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snap...
CVE-2016-10495 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M,...
CVE-2016-10496 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M,...
CVE-2016-10497 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10498 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M,...
CVE-2016-10499 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapd...
CVE-2016-10500 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-10501 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdrag...
CVE-2016-10502 While generating trusted application id, an integer overflow can occur giving the trusted applicatio...
CVE-2016-10503 IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime ...
S
CVE-2016-10504 Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before...
E S
CVE-2016-10505 NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb fun...
S
CVE-2016-10506 Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_nex...
S
CVE-2016-10507 Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0...
S
CVE-2016-10508 Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attacke...
S
CVE-2016-10509 SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/...
E S
CVE-2016-10510 Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows rem...
E S
CVE-2016-10511 The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for t...
E
CVE-2016-10512 MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity ...
CVE-2016-10513 Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/...
S
CVE-2016-10514 url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypa...
S
CVE-2016-10515 In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text fo...
S
CVE-2016-10516 Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debu...
CVE-2016-10517 networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for PO...
CVE-2016-10518 A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clie...
S
CVE-2016-10519 A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific ser...
CVE-2016-10520 jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user in...
E
CVE-2016-10521 jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user ...
CVE-2016-10522 rails_admin ruby gem
E S
CVE-2016-10523 MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the appli...
E
CVE-2016-10524 i18n-node-angular is a module used to interact between i18n and angular without using additional res...
S
CVE-2016-10525 When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced ...
S
CVE-2016-10526 A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ...
CVE-2016-10527 The riot-compiler version 2.3.21 has an issue in a regex (Catastrophic Backtracking) that's m...
CVE-2016-10528 restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a ser...
E
CVE-2016-10529 Droppy versions <3.5.0 do not perform any verification for cross-domain websocket requests. An att...
CVE-2016-10530 The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environme...
CVE-2016-10531 marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3...
E S
CVE-2016-10532 console-io is a module that allows users to implement a web console in their application. A maliciou...
CVE-2016-10533 express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models....
E
CVE-2016-10534 electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` p...
M
CVE-2016-10535 csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lit...
CVE-2016-10536 engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/...
S
CVE-2016-10537 backbone is a module that adds in structure to a JavaScript heavy application through key-value pair...
CVE-2016-10538 The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are te...
E
CVE-2016-10539 negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks incl...
CVE-2016-10540 Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `R...
E
CVE-2016-10541 The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for...
E
CVE-2016-10542 ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for ...
CVE-2016-10543 call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call vers...
E
CVE-2016-10544 uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance wit...
S
CVE-2016-10545 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi...
R
CVE-2016-10546 An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce function...
CVE-2016-10547 Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross ...
E
CVE-2016-10548 Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. Thi...
E
CVE-2016-10549 Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower hav...
CVE-2016-10550 sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, Ma...
S
CVE-2016-10551 waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input th...
E
CVE-2016-10552 igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol....
CVE-2016-10553 sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, Ma...
CVE-2016-10554 sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, Ma...
S
CVE-2016-10555 Since "algorithm" isn't enforced in jwt.decode() in jwt-simple 0.3.0 and earlier, a malicious user co...
CVE-2016-10556 sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, Ma...
E
CVE-2016-10557 appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary r...
CVE-2016-10558 aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary ...
CVE-2016-10559 selenium-download downloads the latest versions of the selenium standalone server and the chromedriv...
CVE-2016-10560 galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 downl...
CVE-2016-10561 Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Versi...
CVE-2016-10562 iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary reso...
CVE-2016-10563 During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources...
CVE-2016-10564 apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0....
CVE-2016-10565 operadriver is an Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resourc...
CVE-2016-10566 install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions bel...
CVE-2016-10567 product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product develo...
CVE-2016-10568 geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-l...
CVE-2016-10569 embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, met...
CVE-2016-10570 pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download b...
CVE-2016-10571 bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-wand versions lower than 0.3.2 ...
CVE-2016-10572 mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources ...
CVE-2016-10573 baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. bary...
CVE-2016-10574 apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions befo...
CVE-2016-10575 Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1...
CVE-2016-10576 Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP...
CVE-2016-10577 ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db befo...
S
CVE-2016-10578 unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads b...
CVE-2016-10579 Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binar...
CVE-2016-10580 nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which l...
CVE-2016-10581 Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements f...
CVE-2016-10582 closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over H...
CVE-2016-10583 closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resour...
CVE-2016-10584 dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary...
CVE-2016-10585 libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spre...
CVE-2016-10586 macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1...
CVE-2016-10587 wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, whi...
CVE-2016-10588 nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause r...
CVE-2016-10589 selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binar...
CVE-2016-10590 cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over ...
CVE-2016-10591 Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince down...
CVE-2016-10592 jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it...
CVE-2016-10593 ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, wh...
CVE-2016-10594 ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ...
CVE-2016-10595 jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, ...
CVE-2016-10596 imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped ...
CVE-2016-10597 cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks....
CVE-2016-10598 arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resou...
CVE-2016-10599 sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a se...
CVE-2016-10600 webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP,...
CVE-2016-10601 webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghos...
CVE-2016-10602 haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerab...
CVE-2016-10603 air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which ...
CVE-2016-10604 dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary re...
CVE-2016-10605 dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resour...
CVE-2016-10606 grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit d...
CVE-2016-10607 openframe-glsviewer is an Openframe extension which adds support for shaders via glslViewer. openfram...
CVE-2016-10608 robot-js is a module for native system automation for node.js. robot-js downloads binary resources o...
CVE-2016-10609 chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resource...
CVE-2016-10610 unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP...
CVE-2016-10611 strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources...
CVE-2016-10612 dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads...
CVE-2016-10613 bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, wh...
CVE-2016-10614 httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leave...
CVE-2016-10615 curses is bindings for the native curses library, a full featured console IO library. curses downloa...
CVE-2016-10616 openframe-image is an Openframe extension which adds support for images via fbi. openframe-image dow...
CVE-2016-10617 box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It ma...
CVE-2016-10618 node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which lea...
CVE-2016-10619 pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, w...
CVE-2016-10620 atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-insta...
CVE-2016-10621 fibjs is a runtime for javascript applications built on google v8 JS. fibjs downloads binary resource...
CVE-2016-10622 nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources...
CVE-2016-10623 macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa ...
CVE-2016-10624 selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome s...
CVE-2016-10625 headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external depende...
CVE-2016-10626 mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, w...
CVE-2016-10627 scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leave...
CVE-2016-10628 selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium...
CVE-2016-10629 nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP,...
CVE-2016-10630 install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks....
CVE-2016-10631 jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binar...
CVE-2016-10632 apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads...
CVE-2016-10633 dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resource...
CVE-2016-10634 scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resource...
CVE-2016-10635 broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads ...
CVE-2016-10636 grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler downloads binary resources over ...
CVE-2016-10637 haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it...
CVE-2016-10638 js-given is a JavaScript frontend to jgiven. js-given downloads binary resources over HTTP, which le...
CVE-2016-10639 redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which...
CVE-2016-10640 node-thulac is a node binding for thulac. node-thulac downloads binary resources over HTTP, which le...
CVE-2016-10641 node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks....
CVE-2016-10642 cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leave...
CVE-2016-10643 jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HT...
CVE-2016-10644 slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge d...
CVE-2016-10645 grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over H...
CVE-2016-10646 resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor). resourceha...
CVE-2016-10647 node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leav...
CVE-2016-10648 marionette-socket-host is a marionette-js-runner host for sending actions over a socket. marionette-...
CVE-2016-10649 frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It...
CVE-2016-10650 ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, whi...
CVE-2016-10651 webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary res...
CVE-2016-10652 prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. pre...
CVE-2016-10653 xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary ...
CVE-2016-10654 sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks....
CVE-2016-10655 The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources ove...
CVE-2016-10656 qbs is a build tool that helps simplify the build process for developing projects across multiple pl...
CVE-2016-10657 co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, ...
CVE-2016-10658 native-opencv is the OpenCV library installed via npm native-opencv downloads binary resources over ...
CVE-2016-10659 poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which lea...
CVE-2016-10660 fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries. fis-parser-sass-bin d...
CVE-2016-10661 phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over H...
CVE-2016-10662 tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which...
CVE-2016-10663 wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resou...
CVE-2016-10664 mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary...
CVE-2016-10665 herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below down...
CVE-2016-10666 tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources ov...
CVE-2016-10667 selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP...
CVE-2016-10668 libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, ...
CVE-2016-10669 soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be pos...
CVE-2016-10670 windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads bina...
CVE-2016-10671 mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over...
CVE-2016-10672 cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources ove...
CVE-2016-10673 ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over...
CVE-2016-10674 limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download bi...
CVE-2016-10675 libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resou...
CVE-2016-10676 rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources...
CVE-2016-10677 google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Go...
CVE-2016-10678 serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves ...
CVE-2016-10679 selenium-standalone-painful installs a start-selenium command line to start a standalone selenium se...
CVE-2016-10680 adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamv...
CVE-2016-10681 roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socke...
CVE-2016-10682 massif is a Phantomjs fork massif downloads resources over HTTP, which leaves it vulnerable to MITM ...
CVE-2016-10683 arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possib...
CVE-2016-10684 healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary...
CVE-2016-10685 pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox downloads binary resources over H...
CVE-2016-10686 fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP,...
CVE-2016-10687 windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chr...
CVE-2016-10688 Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads ...
CVE-2016-10689 The windows-iedriver module downloads fixed version of iedriverserver.exe windows-iedriver downloads...
CVE-2016-10690 openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. ope...
CVE-2016-10691 windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads b...
CVE-2016-10692 haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which l...
CVE-2016-10693 pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources...
CVE-2016-10694 alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxoph...
CVE-2016-10695 The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sql...
CVE-2016-10696 windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedri...
CVE-2016-10697 react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-nat...
CVE-2016-10698 mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix download...
CVE-2016-10699 D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and pa...
E
CVE-2016-10700 auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to...
S
CVE-2016-10701 In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics ap...
CVE-2016-10702 Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbi...
CVE-2016-10703 A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstat...
E S
CVE-2016-10704 Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e...
S
CVE-2016-10705 The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module....
CVE-2016-10706 The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link....
CVE-2016-10707 jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased a...
E S
CVE-2016-10708 sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer derefe...
S
CVE-2016-10709 pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' char...
E
CVE-2016-10710 Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value,...
E
CVE-2016-10711 Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than...
CVE-2016-10712 In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_...
E S
CVE-2016-10713 An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in p...
S
CVE-2016-10714 In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support ...
S
CVE-2016-10715 The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a...
CVE-2016-10716 The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Creat...
CVE-2016-10717 A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consume...
E
CVE-2016-10718 Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script,...
E
CVE-2016-10719 TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin ...
E
CVE-2016-10721 partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to ...
CVE-2016-10722 partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due ...
E
CVE-2016-10723 An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield ...
CVE-2016-10724 Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote net...
CVE-2016-10725 In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which ...
CVE-2016-10726 The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversa...
S
CVE-2016-10727 camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server bef...
E S
CVE-2016-10728 An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first...
E
CVE-2016-10729 An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a cl...
E
CVE-2016-10730 An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a cl...
E
CVE-2016-10731 ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request paramete...
CVE-2016-10732 ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, ho...
CVE-2016-10733 ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download...
CVE-2016-10734 ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.ex...
CVE-2016-10735 In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target a...
E S
CVE-2016-10736 The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for WordPress allows XSS via the wp...
E
CVE-2016-10737 Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter....
E
CVE-2016-10738 Zenbership v107 has CSRF via admin/cp-functions/event-add.php....
E
CVE-2016-10739 In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully ...
S
CVE-2016-10740 Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administratio...
CVE-2016-10741 In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service ...
S
CVE-2016-10742 Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x...
E
CVE-2016-10743 hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() fu...
S
CVE-2016-10744 In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This a...
S
CVE-2016-10745 In Pallets Jinja before 2.8.1, str.format allows a sandbox escape....
S
CVE-2016-10746 libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an...
S
CVE-2016-10749 parse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a stri...
E S
CVE-2016-10750 In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java...
CVE-2016-10751 osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is expl...
CVE-2016-10752 serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute ar...
CVE-2016-10753 e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses u...
E
CVE-2016-10754 modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist paramet...
E
CVE-2016-10755 AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/lo...
CVE-2016-10756 Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can...
E
CVE-2016-10757 In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Re...
E
CVE-2016-10758 PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchiv...
E
CVE-2016-10759 The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution...
E
CVE-2016-10760 On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell met...
E
CVE-2016-10761 Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka Mou...
CVE-2016-10762 The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export too...
E
CVE-2016-10763 The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ti...
E
CVE-2016-10764 In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi....
S
CVE-2016-10765 edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address....
S
CVE-2016-10766 edx-platform before 2016-06-06 allows CSRF....
S
CVE-2016-10767 cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159)....
CVE-2016-10768 cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-16...
CVE-2016-10769 cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162)....
CVE-2016-10770 cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164)...
CVE-2016-10771 cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile ...
CVE-2016-10772 cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin...
CVE-2016-10773 cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171)....
CVE-2016-10774 cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172)....
CVE-2016-10775 cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-...
CVE-2016-10776 cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination ...
CVE-2016-10777 cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177)....
CVE-2016-10778 cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178)....
CVE-2016-10779 cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179)....
CVE-2016-10780 cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180)....
CVE-2016-10781 cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180)....
CVE-2016-10782 cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181)....
CVE-2016-10783 cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182)....
CVE-2016-10784 cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184)....
CVE-2016-10785 cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-18...
CVE-2016-10786 cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-18...
CVE-2016-10787 The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SE...
CVE-2016-10788 cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188)....
CVE-2016-10789 cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191)....
CVE-2016-10790 cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192)....
CVE-2016-10791 cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are...
CVE-2016-10792 cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list ar...
CVE-2016-10793 cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF script...
CVE-2016-10794 cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processi...
CVE-2016-10795 cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156)....
CVE-2016-10796 cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130)....
CVE-2016-10797 cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all ...
CVE-2016-10798 cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134)....
CVE-2016-10799 cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137)....
CVE-2016-10800 cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138)....
CVE-2016-10801 cPanel before 58.0.4 has improper session handling for shared users (SEC-139)....
CVE-2016-10802 cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI...
CVE-2016-10803 cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923)....
CVE-2016-10804 The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations du...
CVE-2016-10805 cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_uti...
CVE-2016-10806 cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110)....
CVE-2016-10807 cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112)...
CVE-2016-10808 In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113)....
CVE-2016-10809 In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-1...
CVE-2016-10810 In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SE...
CVE-2016-10811 In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116)....
CVE-2016-10812 In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117)....
CVE-2016-10813 cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118)....
CVE-2016-10814 cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119)....
CVE-2016-10815 cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding API...
CVE-2016-10816 cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-1...
CVE-2016-10817 cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123)....
CVE-2016-10818 cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup...
CVE-2016-10819 In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-12...
CVE-2016-10820 cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31)....
CVE-2016-10821 In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-...
CVE-2016-10822 cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88)....
CVE-2016-10823 cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because...
CVE-2016-10824 cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning...
CVE-2016-10825 cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (S...
CVE-2016-10826 cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering re...
CVE-2016-10827 cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96)....
CVE-2016-10828 cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97)....
CVE-2016-10829 cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processi...
CVE-2016-10830 cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100)....
CVE-2016-10831 cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing anothe...
CVE-2016-10832 cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102)....
CVE-2016-10833 cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104)....
CVE-2016-10834 cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105)....
CVE-2016-10835 cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107)....
CVE-2016-10836 cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (S...
CVE-2016-10837 cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46)....
CVE-2016-10838 cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70)....
CVE-2016-10839 cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71)....
CVE-2016-10840 cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72)....
CVE-2016-10841 The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73)....
CVE-2016-10842 cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-...
CVE-2016-10843 cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76)....
CVE-2016-10844 The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77)....
CVE-2016-10845 cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable ...
CVE-2016-10846 cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube datab...
CVE-2016-10847 cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxp...
CVE-2016-10848 cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81)....
CVE-2016-10849 cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82)....
CVE-2016-10850 cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83)...
CVE-2016-10851 cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84)....
CVE-2016-10852 cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85)....
CVE-2016-10853 cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86)....
CVE-2016-10854 cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87)....
CVE-2016-10855 cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91)....
CVE-2016-10856 cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29)....
CVE-2016-10857 cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60)....
CVE-2016-10858 cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (...
CVE-2016-10859 cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65)....
CVE-2016-10860 cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66)....
CVE-2016-10861 Neet AirStream NAS1.1 devices allow CSRF attacks that cause the settings binary to change the AP nam...
CVE-2016-10862 Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be chang...
E
CVE-2016-10863 Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure....
E
CVE-2016-10864 NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID....
E
CVE-2016-10865 The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) ...
E
CVE-2016-10866 The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues....
CVE-2016-10867 The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages....
CVE-2016-10868 The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, ...
CVE-2016-10869 The contact-form-plugin plugin before 4.0.2 for WordPress has XSS....
CVE-2016-10870 The google-language-translator plugin before 5.0.06 for WordPress has XSS....
CVE-2016-10871 The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page....
CVE-2016-10872 The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form....
CVE-2016-10873 The wp-database-backup plugin before 4.3.3 for WordPress has XSS....
CVE-2016-10874 The wp-database-backup plugin before 4.3.3 for WordPress has CSRF....
CVE-2016-10875 The wp-database-backup plugin before 4.3.1 for WordPress has XSS....
CVE-2016-10876 The wp-database-backup plugin before 4.3.1 for WordPress has CSRF....
CVE-2016-10877 The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues....
CVE-2016-10878 The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS....
CVE-2016-10879 The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS....
CVE-2016-10880 The google-document-embedder plugin before 2.6.1 for WordPress has XSS....
CVE-2016-10881 The google-document-embedder plugin before 2.6.2 for WordPress has XSS....
CVE-2016-10882 The google-document-embedder plugin before 2.6.2 for WordPress has CSRF....
CVE-2016-10883 The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users....
CVE-2016-10884 The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues....
CVE-2016-10885 The wp-editor plugin before 1.2.6 for WordPress has CSRF....
CVE-2016-10886 The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions....
CVE-2016-10887 The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection...
CVE-2016-10888 The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection...
CVE-2016-10889 The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name....
CVE-2016-10890 The aryo-activity-log plugin before 2.3.2 for WordPress has XSS....
CVE-2016-10891 The aryo-activity-log plugin before 2.3.3 for WordPress has XSS....
CVE-2016-10892 The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues....
CVE-2016-10893 The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX req...
S
CVE-2016-10894 xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen ...
S
CVE-2016-10895 The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links A...
CVE-2016-10896 The seo-redirection plugin before 4.3 for WordPress has stored XSS....
CVE-2016-10897 The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues....
CVE-2016-10898 The total-security plugin before 3.4.1 for WordPress has XSS....
CVE-2016-10899 The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability....
CVE-2016-10900 The uji-countdown plugin before 2.0.7 for WordPress has XSS....
CVE-2016-10901 The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools....
CVE-2016-10902 The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools....
CVE-2016-10903 The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF....
CVE-2016-10904 The olimometer plugin before 2.57 for WordPress has SQL injection....
CVE-2016-10905 An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused...
S
CVE-2016-10906 An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A us...
S
CVE-2016-10907 An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an ou...
S
CVE-2016-10908 The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS....
CVE-2016-10909 The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection....
CVE-2016-10910 The formbuilder plugin before 1.06 for WordPress has multiple XSS issues....
CVE-2016-10911 The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues....
CVE-2016-10912 The universal-analytics plugin before 1.3.1 for WordPress has XSS....
CVE-2016-10913 The wp-latest-posts plugin before 3.7.5 for WordPress has XSS....
CVE-2016-10914 The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file....
CVE-2016-10915 The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF....
CVE-2016-10916 The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different v...
CVE-2016-10917 The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search st...
CVE-2016-10918 The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF....
CVE-2016-10919 The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_...
CVE-2016-10920 The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS....
CVE-2016-10921 The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection....
CVE-2016-10922 The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation....
CVE-2016-10923 The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation....
CVE-2016-10924 The ebook-download plugin before 1.2 for WordPress has directory traversal....
CVE-2016-10925 The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect U...
CVE-2016-10926 The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php....
CVE-2016-10927 The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php....
CVE-2016-10928 The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for ju...
S
CVE-2016-10929 The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the readin...
CVE-2016-10930 The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct o...
CVE-2016-10931 An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-m...
CVE-2016-10932 An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-i...
CVE-2016-10933 An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle ...
CVE-2016-10934 The check-email plugin before 0.5.2 for WordPress has XSS....
CVE-2016-10935 The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation....
CVE-2016-10936 The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option....
CVE-2016-10937 IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate....
CVE-2016-10938 The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public posts to a public location....
E
CVE-2016-10939 The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter....
E
CVE-2016-10940 The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter....
E
CVE-2016-10941 The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable v...
CVE-2016-10942 The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via...
CVE-2016-10943 The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter....
E
CVE-2016-10944 The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF...
E
CVE-2016-10945 The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF....
E
CVE-2016-10946 The wp-d3 plugin before 2.4.1 for WordPress has CSRF....
E
CVE-2016-10947 The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a...
E
CVE-2016-10948 The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the un...
E
CVE-2016-10949 The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe ...
E
CVE-2016-10950 The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter....
E
CVE-2016-10951 The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter....
E
CVE-2016-10952 The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quot...
E S
CVE-2016-10953 The Headway theme before 3.8.9 for WordPress has XSS via the license key field....
CVE-2016-10954 The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload....
CVE-2016-10955 The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect...
E
CVE-2016-10956 The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport....
E
CVE-2016-10957 The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/pr...
E
CVE-2016-10958 The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media...
E
CVE-2016-10959 The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable w...
E
CVE-2016-10960 The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in th...
E
CVE-2016-10961 The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter....
E
CVE-2016-10962 The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parame...
CVE-2016-10963 The icegram plugin before 1.9.19 for WordPress has XSS....
CVE-2016-10964 The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header....
E
CVE-2016-10965 The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file de...
E
CVE-2016-10966 The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file uplo...
E
CVE-2016-10967 The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook...
E
CVE-2016-10968 The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege...
CVE-2016-10969 The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title....
S
CVE-2016-10970 The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt....
S
CVE-2016-10971 The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because on...
CVE-2016-10972 The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_upda...
E
CVE-2016-10973 The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticle...
E
CVE-2016-10974 The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant st...
E
CVE-2016-10975 The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin para...
E
CVE-2016-10976 The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS....
E
CVE-2016-10977 The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal....
E
CVE-2016-10978 The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF....
CVE-2016-10979 The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS....
CVE-2016-10980 The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo....
E
CVE-2016-10981 The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_la...
E
CVE-2016-10982 The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_se...
E
CVE-2016-10983 The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport...
E
CVE-2016-10984 The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter....
E
CVE-2016-10985 The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id paramete...
E
CVE-2016-10986 The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, acces...
E
CVE-2016-10987 The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS....
E
CVE-2016-10988 The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname...
E
CVE-2016-10989 The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF....
E
CVE-2016-10990 The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header....
E
CVE-2016-10991 The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion....
CVE-2016-10992 The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-sto...
E
CVE-2016-10993 The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter....
E
CVE-2016-10994 The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter....
E
CVE-2016-10995 The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or ...
CVE-2016-10996 The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes bec...
CVE-2016-10997 The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includ...
E
CVE-2016-10998 The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.ph...
E
CVE-2016-10999 The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter....
E
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.