Total
9453 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4643 | 1 Apple | 3 Apple Tv, Iphone Os, Mac Os | 2024-11-21 | N/A |
| In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, a validation issue existed in the parsing of 407 responses. This issue was addressed through improved response validation. | ||||
| CVE-2016-3954 | 1 Web2py | 1 Web2py | 2024-11-21 | N/A |
| web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957. | ||||
| CVE-2016-20012 | 2 Netapp, Openbsd | 5 Clustered Data Ontap, Hci Management Node, Ontap Select Deploy Administration Utility and 2 more | 2024-11-21 | 5.3 Medium |
| OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product | ||||
| CVE-2016-1600 | 1 Microfocus | 1 Identity Manager | 2024-11-21 | N/A |
| The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability. | ||||
| CVE-2016-1159 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2024-11-21 | 6.5 Medium |
| In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. | ||||
| CVE-2016-11081 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. | ||||
| CVE-2016-11078 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. | ||||
| CVE-2016-11075 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. | ||||
| CVE-2016-11066 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information. | ||||
| CVE-2016-11059 | 1 Netgear | 86 Ac1450, Ac1450 Firmware, C6300 and 83 more | 2024-11-21 | 7.5 High |
| Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06. | ||||
| CVE-2016-11027 | 1 Google | 1 Android | 2024-11-21 | 2.4 Low |
| An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016). | ||||
| CVE-2016-10844 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). | ||||
| CVE-2016-10815 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). | ||||
| CVE-2016-10811 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). | ||||
| CVE-2016-10810 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). | ||||
| CVE-2016-10809 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). | ||||
| CVE-2016-10797 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133). | ||||
| CVE-2016-10794 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). | ||||
| CVE-2016-10790 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192). | ||||
| CVE-2016-10786 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186). | ||||