# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
951 | CVE-2016-9464 | 285 | | | 2017-03-28 | 2019-10-09 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group. |
952 | CVE-2016-9463 | 287 | | Bypass | 2017-03-28 | 2019-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional SMB authentication component, not enabled by default, that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to an SMB server and, if that succeeds, considers the user logged in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability. |
953 | CVE-2016-9462 | 284 | | | 2017-03-28 | 2019-10-09 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions. |
954 | CVE-2016-9461 | 284 | | | 2017-03-28 | 2019-10-09 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files. |
955 | CVE-2016-9460 | 284 | | | 2017-03-28 | 2017-04-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. |
956 | CVE-2016-9459 | 79 | | XSS | 2017-03-28 | 2019-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user the option to open the data in the browser as an HTML document. Thus any injected data in the log would be executed. |
957 | CVE-2016-9457 | 79 | | XSS | 2017-03-28 | 2017-03-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, period_start, period_end, and possibly others. |
958 | CVE-2016-9456 | 352 | | CSRF | 2017-03-28 | 2017-03-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other potential CSRF vulnerabilities. More than 20 such issues were fixed. |
959 | CVE-2016-9455 | 352 | | CSRF | 2017-03-28 | 2017-03-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.php`, `www/admin/banner-modify.php`, `www/admin/banner-swf.php`, `www/admin/banner-zone.php`, `www/admin/tracker-modify.php`. |
960 | CVE-2016-9454 | 79 | | XSS | 2017-03-28 | 2017-03-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages. |
961 | CVE-2016-9399 | 617 | | DoS | 2017-03-23 | 2021-02-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. |
962 | CVE-2016-9398 | 617 | | DoS | 2017-03-23 | 2021-02-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. |
963 | CVE-2016-9397 | 617 | | DoS | 2017-03-23 | 2021-02-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. |
964 | CVE-2016-9396 | | | DoS | 2017-03-23 | 2021-02-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. |
965 | CVE-2016-9395 | 20 | | DoS | 2017-03-23 | 2017-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. |
966 | CVE-2016-9394 | 20 | | DoS | 2017-03-23 | 2018-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. |
967 | CVE-2016-9393 | | | DoS | 2017-03-23 | 2018-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. |
968 | CVE-2016-9392 | | | DoS | 2017-03-23 | 2019-01-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. |
969 | CVE-2016-9391 | | | DoS | 2017-03-23 | 2018-06-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer. |
970 | CVE-2016-9390 | 20 | | DoS | 2017-03-23 | 2018-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. |
971 | CVE-2016-9389 | | | DoS | 2017-03-23 | 2019-01-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure). |
972 | CVE-2016-9388 | | | DoS | 2017-03-23 | 2018-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. |
973 | CVE-2016-9387 | 190 | | Overflow | 2017-03-23 | 2018-06-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure. |
974 | CVE-2016-9368 | 284 | | | 2017-03-14 | 2019-10-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating. |
975 | CVE-2016-9319 | 295 | | | 2017-03-31 | 2017-04-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. |
976 | CVE-2016-9276 | 125 | | DoS | 2017-03-23 | 2022-03-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). |
977 | CVE-2016-9275 | 787 | | DoS Overflow | 2017-03-23 | 2022-03-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). |
978 | CVE-2016-9266 | 189 | | | 2017-03-23 | 2018-01-17 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
listmp3.c in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted mp3 file, which triggers an invalid left shift. |
979 | CVE-2016-9265 | 369 | | DoS | 2017-03-23 | 2017-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file. |
980 | CVE-2016-9264 | 119 | | DoS Overflow | 2017-03-23 | 2017-03-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. |
981 | CVE-2016-9262 | 190 | | DoS Overflow | 2017-03-23 | 2018-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. |
982 | CVE-2016-9252 | 19 | | | 2017-03-27 | 2019-06-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remote attackers to cause a denial-of-service (DoS) through unspecified vectors. |
983 | CVE-2016-9245 | 284 | | | 2017-03-07 | 2017-07-17 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "Normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. |
984 | CVE-2016-9243 | 20 | | | 2017-03-27 | 2017-04-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. |
985 | CVE-2016-9169 | 79 | | XSS | 2017-03-23 | 2017-04-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks. |
986 | CVE-2016-9168 | 20 | | | 2017-03-23 | 2017-04-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. |
987 | CVE-2016-9167 | 264 | | | 2017-03-23 | 2017-04-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. |
988 | CVE-2016-9165 | 200 | | +Priv Bypass +Info | 2017-03-20 | 2017-03-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors. |
989 | CVE-2016-9164 | 22 | | Dir. Trav. | 2017-03-07 | 2017-03-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors. |
990 | CVE-2016-9148 | 79 | | XSS | 2017-03-07 | 2017-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter. |
991 | CVE-2016-9130 | 79 | | XSS | 2017-03-28 | 2019-10-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script. |
992 | CVE-2016-9129 | 200 | | +Info | 2017-03-28 | 2019-10-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated with one or more user accounts on a target Revive Adserver instance by examining the message printed by the password recovery system. Such information cannot, however, be used directly to log in to the system, which requires a username. |
993 | CVE-2016-9128 | 79 | | XSS | 2017-03-28 | 2019-10-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted URL. |
994 | CVE-2016-9127 | 352 | | CSRF | 2017-03-28 | 2019-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed. |
995 | CVE-2016-9126 | 79 | | XSS | 2017-03-28 | 2019-10-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to access the administrator account. |
996 | CVE-2016-9125 | 384 | | | 2017-03-28 | 2019-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session. |
997 | CVE-2016-9124 | 287 | | | 2017-03-28 | 2019-10-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress. |
998 | CVE-2016-9123 | 190 | | Overflow Bypass | 2017-03-28 | 2017-03-29 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures. |
999 | CVE-2016-9122 | 284 | | | 2017-03-28 | 2017-03-29 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the library might mistakenly read protected header values from an attached signature that was different from the one originally validated. |
1000 | CVE-2016-9121 | 326 | | | 2017-03-28 | 2017-03-29 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack. |