|
265841
|
6.1 |
MEDIUM
Network
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.
|
CWE-79
Cross-site Scripting
|
CVE-2016-7571
|
2024-11-21 11:58 |
2016-10-4 |
|
265842
|
4.3 |
MEDIUM
Network
|
drupal
|
drupal
|
Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging righ…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-7570
|
2024-11-21 11:58 |
2016-10-4 |
|
265843
|
7.5 |
HIGH
Network
|
uclouvain opensuse
|
openjpeg leap
|
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-7445
|
2024-11-21 11:58 |
2016-10-4 |
|
265844
|
4.4 |
MEDIUM
Local
|
sophos
|
unified_threat_management_software
|
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in …
|
CWE-200
Information Exposure
|
CVE-2016-7442
|
2024-11-21 11:58 |
2016-10-4 |
|
265845
|
9.8 |
CRITICAL
Network
|
libgd php debian
|
libgd php debian_linux
|
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-7568
|
2024-11-21 11:58 |
2016-09-29 |
|
265846
|
6.5 |
MEDIUM
Network
|
openstack
|
compute_(nova)
|
OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances wh…
|
CWE-399
Resource Management Errors
|
CVE-2016-7498
|
2024-11-21 11:58 |
2016-09-28 |
|
265847
|
7.5 |
HIGH
Network
|
gnu
|
gnutls
|
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-7444
|
2024-11-21 11:58 |
2016-09-28 |
|
265848
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (inva…
|
NVD-CWE-noinfo
|
CVE-2016-7549
|
2024-11-21 11:58 |
2016-09-26 |
|
265849
|
7.5 |
HIGH
Network
|
pritunl
|
pritunl-client
|
A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2016-7064
|
2024-11-21 11:57 |
2020-07-22 |
|
265850
|
9.8 |
CRITICAL
Network
|
pritunl
|
pritunl-client
|
A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation.
|
CWE-22
Path Traversal
|
CVE-2016-7063
|
2024-11-21 11:57 |
2020-07-22 |