Total
415 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2041 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Leap, Opensuse and 1 more | 2024-11-21 | N/A |
| libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences. | ||||
| CVE-2016-1965 | 4 Mozilla, Opensuse, Oracle and 1 more | 4 Firefox, Opensuse, Linux and 1 more | 2024-11-21 | N/A |
| Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. | ||||
| CVE-2016-1958 | 4 Mozilla, Opensuse, Oracle and 1 more | 4 Firefox, Opensuse, Linux and 1 more | 2024-11-21 | N/A |
| browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. | ||||
| CVE-2016-1927 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
| The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach. | ||||
| CVE-2016-1896 | 1 Lexmark | 28 C4150, C6160, Cs720de and 25 more | 2024-11-21 | N/A |
| Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status. | ||||
| CVE-2016-1862 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. | ||||
| CVE-2016-1860 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. | ||||
| CVE-2016-1738 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| dyld in Apple OS X before 10.11.4 allows attackers to bypass a code-signing protection mechanism via a modified app. | ||||
| CVE-2016-1696 | 5 Debian, Google, Opensuse and 2 more | 9 Debian Linux, Chrome, Leap and 6 more | 2024-11-21 | N/A |
| The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||||
| CVE-2016-1682 | 6 Canonical, Debian, Google and 3 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2024-11-21 | N/A |
| The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration. | ||||
| CVE-2016-1672 | 5 Debian, Google, Opensuse and 2 more | 9 Debian Linux, Chrome, Leap and 6 more | 2024-11-21 | N/A |
| The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vectors. | ||||
| CVE-2016-1664 | 3 Google, Opensuse, Redhat | 7 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 4 more | 2024-11-21 | N/A |
| The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web site. | ||||
| CVE-2016-1657 | 5 Debian, Google, Novell and 2 more | 5 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 2 more | 2024-11-21 | N/A |
| The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL. | ||||
| CVE-2016-1616 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | N/A |
| The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button. | ||||
| CVE-2016-1615 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | N/A |
| The Omnibox implementation in Google Chrome before 48.0.2564.82 allows remote attackers to spoof a document's origin via unspecified vectors. | ||||
| CVE-2016-1585 | 1 Canonical | 1 Apparmor | 2024-11-21 | N/A |
| In all versions of AppArmor mount rules are accidentally widened when compiled. | ||||
| CVE-2016-1567 | 1 Tuxfamily | 1 Chrony | 2024-11-21 | N/A |
| chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | ||||
| CVE-2016-1551 | 2 Ntp, Ntpsec | 2 Ntp, Ntpsec | 2024-11-21 | N/A |
| ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker. | ||||
| CVE-2016-1520 | 1 Grandstream | 1 Wave | 2024-11-21 | N/A |
| The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application. | ||||
| CVE-2016-1489 | 1 Lenovo | 1 Shareit | 2024-11-21 | N/A |
| Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. | ||||