LiveActive security incident?Get immediate response
CVE archive

May 2016

Browse CVE records published in May 2016, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 764 matching CVEs · Page 1 of 16.

High · CVSS 7.5 · CISA KEV

CVE-2016-0189: The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through...

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.

Published May 11, 2016 · Updated Oct 21, 2025

Unknown · CVSS Not scored

CVE-2016-4070: Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x befor...

Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not).

Published May 20, 2016 · Updated Nov 14, 2024

Unknown · CVSS Not scored

CVE-2016-4789: Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user int...

Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published May 26, 2016 · Updated Nov 14, 2024

Unknown · CVSS Not scored

CVE-2016-10531: marked is an application that is meant to parse and compile markdown.

marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left.

Published May 31, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10601: webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver.

webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published May 29, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10537: backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and c...

backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`.

Published May 31, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10562: iedriver is an NPM wrapper for Selenium IEDriver.

iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published May 31, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-4784: A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All version...

A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained.

Published May 31, 2016 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10556: sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB,...

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `["test", "'); DELETE TestTable WHERE Id = 1 --')"]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table.

Published May 29, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10666: tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP...

tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published May 29, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-9092: The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management...

The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user.

Published May 11, 2017 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10698: mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binar...

mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published May 29, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10518: A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to...

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node when you allocate it when a number instead of a string it will allocate the amount of bytes.

Published May 31, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10544: uws is a WebSocket server library.

uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8.

Published May 31, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10566: install-nw is a module which quickly and robustly installs and caches NW.js.

install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published May 29, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10674: limbus-buildgen is a "build anywhere" build system.

limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published May 29, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10534: electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages.

electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.

Published May 31, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10558: aerospike is an Aerospike add-on module for Node.js.

aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published May 29, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10722: partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insu...

partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application.

Published May 2, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10374: perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the c...

perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.

Published May 17, 2017 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10681: roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio dow...

roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published May 29, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10557: appium-chromedriver is a Node.js wrapper around Chromedriver.

appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published May 31, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10536: engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-d...

engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client 1.6.8 and earlier passes in an object for settings that includes the rejectUnauthorized property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as `null`, resulting in certificate verification being turned off.

Published May 31, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10549: Sails is an MVC style framework for building realtime web applications.

Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` is set to `*` or left commented out in the sails CORS config file. The problem can be compounded when the cors `credentials` setting is not provided. At that point authenticated cross domain requests are possible.

Published May 31, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10535: csrf-lite is a cross-site request forgery protection library for framework-less node sites.

csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present.

Published May 31, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10564: apk-parser is a tool to extract Android Manifest info from an APK file.

apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published May 31, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10682: massif is a Phantomjs fork massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

massif is a Phantomjs fork massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published May 29, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10560: galenframework-cli is the node wrapper for the Galen Framework.

galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published May 31, 2018 · Updated Sep 17, 2024