Export limit exceeded: 74891 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74891 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10937 | 4 Debian, Fedoraproject, Imapfilter Project and 1 more | 5 Debian Linux, Fedora, Imapfilter and 2 more | 2024-11-21 | 7.5 High |
| IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | ||||
| CVE-2016-10906 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.0 High |
| An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean. | ||||
| CVE-2016-10905 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry. | ||||
| CVE-2016-10884 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-11-21 | 8.8 High |
| The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues. | ||||
| CVE-2016-10874 | 1 Wpseeds | 1 Wp Database Backup | 2024-11-21 | 8.8 High |
| The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. | ||||
| CVE-2016-10766 | 1 Edx | 1 Edx-platform | 2024-11-21 | 8.8 High |
| edx-platform before 2016-06-06 allows CSRF. | ||||
| CVE-2016-10743 | 1 W1.fi | 1 Hostapd | 2024-11-21 | 7.5 High |
| hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call. | ||||
| CVE-2016-10707 | 1 Jquery | 1 Jquery | 2024-11-21 | 7.5 High |
| jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit. | ||||
| CVE-2016-10690 | 1 Openframe-ascii-image Project | 1 Openframe-ascii-image | 2024-11-21 | 8.1 High |
| openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2016-10688 | 1 Haxe | 1 Haxe | 2024-11-21 | 8.1 High |
| Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2016-10680 | 1 Adamvr-geoip-lite Project | 1 Adamvr-geoip-lite | 2024-11-21 | 8.1 High |
| adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data. | ||||
| CVE-2016-10663 | 1 Node-wixtoolset Project | 1 Node-wixtoolset | 2024-11-21 | 8.1 High |
| wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2016-10658 | 1 Native-opencv Project | 1 Native-opencv | 2024-11-21 | 8.1 High |
| native-opencv is the OpenCV library installed via npm native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2016-10595 | 1 Jdf-sass Project | 1 Jdf-sass | 2024-11-21 | 8.1 High |
| jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2016-10583 | 1 Openlayers | 1 Closure-util | 2024-11-21 | 8.1 High |
| closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2016-10560 | 1 Galenframework | 1 Galenframework-cli | 2024-11-21 | 8.1 High |
| galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | ||||
| CVE-2016-10524 | 1 I18n-node-angular Project | 1 I18n-node-angular | 2024-11-21 | 8.2 High |
| i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not disabled in production environments a malicious user could fill up the server causing a Denial of Service or content injection. | ||||
| CVE-2016-10521 | 1 Jshamcrest Project | 1 Jshamcrest | 2024-11-21 | 7.5 High |
| jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in to the emailAddress validator. | ||||
| CVE-2016-10520 | 1 Jadedown Project | 1 Jadedown | 2024-11-21 | 7.5 High |
| jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input is passed in. | ||||
| CVE-2016-1000104 | 2 Apache, Opensuse | 3 Mod Fcgid, Leap, Opensuse | 2024-11-21 | 8.8 High |
| A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. | ||||