| 266101 | 5.9 | MEDIUM, Network | apache | ignite | Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents. | CWE-611: XXE | CVE-2016-6805 | 2024-11-21 11:56 | 2017-04-8 |
| 266102 | 9.8 | CRITICAL, Network | apache | tika, nutch | Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization. | CWE-502: Deserialization of Untrusted Data | CVE-2016-6809 | 2024-11-21 11:56 | 2017-04-7 |
| 266103 | 7.5 | HIGH, Network | illumos | illumos | illumos smbsrv NULL pointer dereference allows system crash. | CWE-476: NULL Pointer Dereference | CVE-2016-6561 | 2024-11-21 11:56 | 2017-04-1 |
| 266104 | 8.6 | HIGH, Network | illumos | illumos | illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash. | CWE-20: Improper Input Validation | CVE-2016-6560 | 2024-11-21 11:56 | 2017-04-1 |
| 266105 | 6.1 | MEDIUM, Network | open-xchange | open-xchange_appsuite_backend, documentconverter-api, office_web, open-xchange_appsuite_frontend | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 befor… | CWE-79: Cross-site Scripting | CVE-2016-6846 | 2024-11-21 11:56 | 2017-03-29 |
| 266106 | 9.8 | CRITICAL, Network | apache | ambari | Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations … | CWE-284: Improper Access Control | CVE-2016-6807 | 2024-11-21 11:56 | 2017-03-29 |
| 266107 | 7.5 | HIGH, Network | emc | recoverpoint_for_virtual_machines, recoverpoint | EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to comp… | CWE-200: Information Exposure | CVE-2016-6650 | 2024-11-21 11:56 | 2017-03-22 |
| 266108 | 7.1 | HIGH, Network | apache | tomcat | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could b… | CWE-20: Improper Input Validation | CVE-2016-6816 | 2024-11-21 11:56 | 2017-03-21 |
| 266109 | 5.5 | MEDIUM, Local | openbsd | openbsd | Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping… | CWE-190: Integer Overflow or Wraparound | CVE-2016-6522 | 2024-11-21 11:56 | 2017-03-8 |
| 266110 | 7.5 | HIGH, Network | magento | magento2 | The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attacker… | CWE-327: Use of a Broken or Risky Cryptographic Algorithm | CVE-2016-6485 | 2024-11-21 11:56 | 2017-03-2 |