Total
4003 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8609 | 1 Redhat | 2 Jboss Single Sign On, Keycloak | 2024-11-21 | N/A |
| It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks. | ||||
| CVE-2016-8380 | 1 Phoenixcontact | 2 Ilc Plcs, Ilc Plcs Firmware | 2024-11-21 | N/A |
| The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. | ||||
| CVE-2016-8371 | 1 Phoenixcontact | 2 Ilc Plcs, Ilc Plcs Firmware | 2024-11-21 | N/A |
| The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. | ||||
| CVE-2016-6549 | 1 Nutspace | 1 Nut Mobile | 2024-11-21 | N/A |
| The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute. | ||||
| CVE-2016-6544 | 1 Ieasytec | 1 Itrack Easy | 2024-11-21 | N/A |
| getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device. | ||||
| CVE-2016-6541 | 1 Thetrackr | 2 Trackr Bravo, Trackr Bravo Firmware | 2024-11-21 | N/A |
| TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. | ||||
| CVE-2016-2359 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. | ||||
| CVE-2016-2125 | 2 Redhat, Samba | 10 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 7 more | 2024-11-21 | 6.5 Medium |
| It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. | ||||
| CVE-2016-2124 | 5 Canonical, Debian, Fedoraproject and 2 more | 26 Ubuntu Linux, Debian Linux, Fedora and 23 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | ||||
| CVE-2016-2032 | 1 Arubanetworks | 3 Airwave, Aruba Instant, Arubaos | 2024-11-21 | 7.5 High |
| A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672 | ||||
| CVE-2016-11074 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. | ||||
| CVE-2016-11072 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. | ||||
| CVE-2016-11057 | 1 Netgear | 18 Jnr1010, Jnr1010 Firmware, Jwnr2000 and 15 more | 2024-11-21 | 7.5 High |
| Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06. | ||||
| CVE-2016-11042 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016). | ||||
| CVE-2016-11041 | 1 Google | 1 Android | 2024-11-21 | 4.6 Medium |
| An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016). | ||||
| CVE-2016-10983 | 1 Ghost | 1 Ghost | 2024-11-21 | 6.5 Medium |
| The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data. | ||||
| CVE-2016-10836 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). | ||||
| CVE-2016-10835 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | ||||
| CVE-2016-10833 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). | ||||
| CVE-2016-10832 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | ||||