Total
299224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4402 | 1 Hp | 1 Keyview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via buffer overflow. | |||||
| CVE-2016-4401 | 1 Arubanetworks | 1 Clearpass | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials. | |||||
| CVE-2016-4400 | 1 Hp | 1 Network Node Manager I | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | |||||
| CVE-2016-4399 | 1 Hp | 1 Network Node Manager I | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | |||||
| CVE-2016-4398 | 1 Hp | 1 Network Node Manager I | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization. | |||||
| CVE-2016-4397 | 1 Hp | 1 Network Node Manager I | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software. | |||||
| CVE-2016-4392 | 1 Hp | 1 Business Service Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. | |||||
| CVE-2016-4391 | 1 Hp | 1 Arcsight Winc Connector | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. | |||||
| CVE-2016-4289 | 1 Gmer | 1 Gmer | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create path longer than 99 characters to trigger this vulnerability. | |||||
| CVE-2016-3957 | 1 Web2py | 1 Web2py | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code by leveraging knowledge of encryption_key. | |||||
| CVE-2016-3954 | 1 Web2py | 1 Web2py | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to execute arbitrary code using CVE-2016-3957. | |||||
| CVE-2016-3953 | 1 Web2py | 1 Web2py | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function. | |||||
| CVE-2016-3952 | 1 Web2py | 1 Web2py | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access. | |||||
| CVE-2016-3735 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an account providing they know an administrators email address in order to be able to request password reset. | |||||
| CVE-2016-3709 | 1 Xmlsoft | 1 Libxml2 | 2024-11-21 | N/A | 6.1 MEDIUM |
| Possible cross-site scripting vulnerability in libxml after commit 960f0e2. | |||||
| CVE-2016-3192 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files. | |||||
| CVE-2016-3182 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file. | |||||
| CVE-2016-3131 | 1 Cloudera | 1 Cdh | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. | |||||
| CVE-2016-3098 | 1 Thoughtbot | 1 Administrate | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code. | |||||
| CVE-2016-2983 | 1 Ibm | 1 Tealeaf Customer Experience | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999. | |||||