Export limit exceeded: 362258 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362258 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-0362 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. | ||||
| CVE-2017-0361 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | N/A |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext. | ||||
| CVE-2017-0359 | 2 Debian, Reproducible Builds | 2 Debian Linux, Diffoscope | 2024-11-21 | 9.8 Critical |
| diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive. | ||||
| CVE-2017-0357 | 2 Debian, Iucode-tool Project | 2 Debian Linux, Iucode-tool | 2024-11-21 | N/A |
| A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption. | ||||
| CVE-2017-0356 | 2 Debian, Ikiwiki | 2 Debian Linux, Ikiwiki | 2024-11-21 | N/A |
| A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. | ||||
| CVE-2016-9969 | 1 Webmproject | 1 Libwebp | 2024-11-21 | N/A |
| In libwebp 0.5.1, there is a double free bug in libwebpmux. | ||||
| CVE-2016-9953 | 2 Haxx, Microsoft | 2 Curl, Windows Embedded Compact | 2024-11-21 | N/A |
| The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. | ||||
| CVE-2016-9952 | 2 Haxx, Microsoft | 2 Curl, Windows Embedded Compact | 2024-11-21 | 8.1 High |
| The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com." | ||||
| CVE-2016-9928 | 3 Canonical, Debian, Mcabber | 3 Ubuntu Linux, Debian Linux, Mcabber | 2024-11-21 | 7.4 High |
| MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. | ||||
| CVE-2016-9903 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1. | ||||
| CVE-2016-9902 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2024-11-21 | N/A |
| The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. | ||||
| CVE-2016-9897 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | N/A |
| Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | ||||
| CVE-2016-9896 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1. | ||||
| CVE-2016-9895 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-11-21 | N/A |
| Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | ||||
| CVE-2016-9894 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1. | ||||
| CVE-2016-9880 | 1 Pivotal Software | 1 Gemfire For Pivotal Cloud Foundry | 2024-11-21 | N/A |
| The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x before 1.7.1 has multiple API endpoints which do not require authentication and could be used to gain access to the cluster managed by the broker. | ||||
| CVE-2016-9778 | 2 Isc, Netapp | 3 Bind, Data Ontap Edge, Solidfire Element Os Management Node | 2024-11-21 | N/A |
| An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the "nxdomain-redirect" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type "redirect" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1. | ||||
| CVE-2016-9749 | 1 Ibm | 1 Campaign | 2024-11-21 | N/A |
| IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206. | ||||
| CVE-2016-9722 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | N/A |
| IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737. | ||||
| CVE-2016-9711 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | N/A |
| IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveals sensitive information in detailed error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 119619. | ||||