| 270151 | 9.8 | CRITICAL Network | gentoo | portage | In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-w… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2016-20021 | 2024-11-21 11:47 | 2024-01-12 |
| 270152 | 7.5 | HIGH Network | knexjs | knex | Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. | CWE-89 SQL Injection | CVE-2016-20018 | 2024-11-21 11:47 | 2022-12-19 |
| 270153 | 9.8 | CRITICAL Network | dlink | dsl-2750b_firmware | D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022. | CWE-77 Command Injection | CVE-2016-20017 | 2024-11-21 11:47 | 2022-10-19 |
| 270154 | 9.8 | CRITICAL Network | mvpower | tv-7104he_firmware tv7108he_firmware | MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating sy… | NVD-CWE-noinfo | CVE-2016-20016 | 2024-11-21 11:47 | 2022-10-19 |
| 270155 | 7.5 | HIGH Network | smokeping | smokeping | In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileg… | NVD-CWE-noinfo | CVE-2016-20015 | 2024-11-21 11:47 | 2022-09-21 |
| 270156 | 6.4 | MEDIUM Network | kippo-graph_project | kippo-graph | In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php. | CWE-79 Cross-site Scripting | CVE-2016-2139 | 2024-11-21 11:47 | 2022-07-29 |
| 270157 | 6.4 | MEDIUM Network | kippo-graph_project | kippo-graph | In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in xss_clean() in class/KippoInput.class.php. | CWE-79 Cross-site Scripting | CVE-2016-2138 | 2024-11-21 11:47 | 2022-07-29 |
| 270158 | 9.8 | CRITICAL Network | pam_tacplus_project | pam_tacplus | In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure. | NVD-CWE-Other | CVE-2016-20014 | 2024-11-21 11:47 | 2022-04-21 |
| 270159 | 7.5 | HIGH Network | sha256crypt_project sha512crypt_project | sha256crypt sha512crypt | sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password. | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2016-20013 | 2024-11-21 11:47 | 2022-02-19 |
| 270160 | 5.9 | MEDIUM Network | samba debian fedoraproject redhat canonical | samba debian_linux fedora enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_for_scientific_computing enterprise_linux enterprise_linux_server enterprise_l… | A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | CWE-287 Improper Authentication | CVE-2016-2124 | 2024-11-21 11:47 | 2022-02-19 |