Total
7186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1584 | 1 Unity8 | 1 Unity8 | 2024-11-21 | 5.0 MEDIUM | 1.6 LOW |
| In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input. | |||||
| CVE-2016-1544 | 2 Fedoraproject, Nghttp2 | 2 Fedora, Nghttp2 | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). | |||||
| CVE-2016-15037 | 1 Go4rayyan | 1 Scumblr | 2024-11-21 | 3.3 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, has been found in go4rayyan Scumblr up to 2.0.1a. Affected by this issue is some unknown functionality of the component Task Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.2 is able to address this issue. The patch is identified as 5c9120f2362ddb7cbe48f2c4620715adddc4ee35. It is recommended to upgrade the affected component. VDB-251570 is the identifier assigned to this vulnerability. | |||||
| CVE-2016-15035 | 1 Doc2k | 1 Re-chat | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified as problematic. This affects an unknown part of the file js_on_radio-emergency.de_/re_chat.js. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named bd17d497ddd3bab4ef9c6831c747c37cc016c570. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-238155. | |||||
| CVE-2016-15032 | 1 Mh Httpbl Project | 1 Mh Httpbl | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR'] leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is named a754bf306a433a8c18b55e25595593e8f19b9463. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2016-15030 | 1 Twofactorauth Project | 1 Twofactorauth | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in Arno0x TwoFactorAuth. This affects an unknown part of the file login/login.php. The manipulation of the argument from leads to open redirect. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 8549ad3cf197095f783643e41333586d6a4d0e54. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223803. | |||||
| CVE-2016-15029 | 1 Mapicoin Project | 1 Mapicoin | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and classified as problematic. This vulnerability affects unknown code of the file webroot/stats.php. The manipulation of the argument link/search leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.10.0 is able to address this issue. The patch is identified as 67e87f0f0c1ac238fcd050f4c3db298229bc9679. It is recommended to upgrade the affected component. VDB-223402 is the identifier assigned to this vulnerability. | |||||
| CVE-2016-15027 | 1 Metaphorcreations | 1 Post Duplicator | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in meta4creations Post Duplicator Plugin 2.18. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. The name of the patch is ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221496. | |||||
| CVE-2016-15025 | 1 Generator-hottowel Project | 1 Generator-hottowel | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/_app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is c17092fd4103143a9ddab93c8983ace8bf174396. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221484. | |||||
| CVE-2016-15024 | 1 Doomsider Shadow Project | 1 Doomsider Shadow | 2024-11-21 | 1.0 LOW | 2.5 LOW |
| A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability. | |||||
| CVE-2016-15023 | 2024-11-21 | 2.7 LOW | 3.5 LOW | ||
| A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The identifier of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability. | |||||
| CVE-2016-15022 | 2024-11-21 | 1.7 LOW | 2.0 LOW | ||
| A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.7.19 is able to address this issue. The patch is named 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715. | |||||
| CVE-2016-15015 | 1 Paysafe | 1 Barzahlen Payment Module Php Sdk | 2024-11-21 | 1.4 LOW | 2.6 LOW |
| A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as 3e7d29dc0ca6c054a6d6e211f32dae89078594c1. It is recommended to upgrade the affected component. VDB-217650 is the identifier assigned to this vulnerability. | |||||
| CVE-2016-15014 | 1 Cesnet | 1 Theme-cesnet | 2024-11-21 | 1.7 LOW | 3.3 LOW |
| A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability. | |||||
| CVE-2016-15010 | 1 Django-ucamlookup Project | 1 Django-ucamlookup | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 is able to address this issue. The identifier of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2016-15009 | 1 Openacs | 1 Bug-tracker | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is aee43e5714cd8b697355ec3bf83eefee176d3fc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217440. | |||||
| CVE-2016-15008 | 1 Coebot-www Project | 1 Coebot-www | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir of the file js/channel.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The patch is named c1a6c44092585da4236237e0e7da94ee2996a0ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217355. | |||||
| CVE-2016-15006 | 1 Enigmax Project | 1 Enigmax | 2024-11-21 | 2.6 LOW | 3.7 LOW |
| A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.3 is able to address this issue. The identifier of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability. | |||||
| CVE-2016-11077 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. | |||||
| CVE-2016-11027 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016). | |||||