The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2016-9434 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9437 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9438 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9439 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9440 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9441 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9442 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9443 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9449 | The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags. | MEDIUM | Nov 29, 2016 |
| CVE-2016-9450 | The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context. | MEDIUM | Nov 29, 2016 |
| CVE-2016-9451 | Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors. | MEDIUM | Nov 29, 2016 |
| CVE-2016-9452 | The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL. | MEDIUM | Nov 29, 2016 |
| CVE-2016-9479 | The lost password functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. | MEDIUM | Dec 2, 2016 |
| CVE-2016-9480 | libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the malformed dwarf file approach, related to a Heap Buffer Over-read issue affecting the dwarf_util.c component, aka DW201611-006. | MEDIUM | Nov 30, 2016 |
| CVE-2016-9564 | Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. | MEDIUM | Dec 2, 2016 |
| CVE-2016-9622 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9623 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9624 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9625 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9626 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9627 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9628 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9629 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9630 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9631 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9632 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9633 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9751 | Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | MEDIUM | Dec 6, 2016 |
| CVE-2016-9752 | In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | MEDIUM | Dec 2, 2016 |
| CVE-2016-9797 | In BlueZ 5.42, a buffer over-read was observed in l2cap_dump function in tools/parser/l2cap.c source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | MEDIUM | Dec 7, 2016 |
| CVE-2016-9798 | In BlueZ 5.42, a use-after-free was identified in conf_opt function in tools/parser/l2cap.c source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | MEDIUM | Dec 7, 2016 |
| CVE-2016-9799 | In BlueZ 5.42, a buffer overflow was observed in pklg_read_hci function in btsnoop.c source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | MEDIUM | Dec 7, 2016 |
| CVE-2016-9800 | In BlueZ 5.42, a buffer overflow was observed in pin_code_reply_dump function in tools/parser/hci.c source file. The issue exists because pin array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame pin_code_reply_cp *cp parameter. | MEDIUM | Dec 7, 2016 |
| CVE-2016-9801 | In BlueZ 5.42, a buffer overflow was observed in set_ext_ctrl function in tools/parser/l2cap.c source file when processing corrupted dump file. | MEDIUM | Dec 7, 2016 |
| CVE-2016-9802 | In BlueZ 5.42, a buffer over-read was identified in l2cap_packet function in monitor/packet.c source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash. | MEDIUM | Dec 7, 2016 |
| CVE-2016-9803 | In BlueZ 5.42, an out-of-bounds read was observed in le_meta_ev_dump function in tools/parser/hci.c source file. This issue exists because \'subevent\' (which is used to read correct element from \'ev_le_meta_str\' array) is overflowed. | MEDIUM | Dec 7, 2016 |
| CVE-2016-9804 | In BlueZ 5.42, a buffer overflow was observed in commands_dump function in tools/parser/csr.c source file. The issue exists because commands array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame frm->ptr parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash. | MEDIUM | Dec 7, 2016 |
| CVE-2016-9832 | PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report. | MEDIUM | Dec 9, 2016 |
| CVE-2016-9839 | In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails. | MEDIUM | Dec 8, 2016 |
| CVE-2016-9847 | An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user\'s blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9848 | An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9850 | An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9851 | An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9852 | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9853 | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9854 | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9855 | An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9856 | An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9857 | An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | MEDIUM | Dec 13, 2016 |
| CVE-2016-9858 | An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | MEDIUM | Dec 13, 2016 |
