|
266521
|
5.3 |
MEDIUM
Network
|
suricata-ids
|
suricata
|
An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The tocli…
|
CWE-20
Improper Input Validation
|
CVE-2016-10728
|
2024-11-21 11:44 |
2018-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266522
|
9.8 |
CRITICAL
Network
|
canonical
gnome
|
ubuntu_linux
evolution
|
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS …
|
CWE-200
Information Exposure
|
CVE-2016-10727
|
2024-11-21 11:44 |
2018-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266523
|
7.5 |
HIGH
Network
|
duraspace
|
dspace
|
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a path…
|
CWE-22
Path Traversal
|
CVE-2016-10726
|
2024-11-21 11:44 |
2018-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266524
|
7.5 |
HIGH
Network
|
bitcoin
|
bitcoin_core
bitcoin-qt
bitcoind
|
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavio…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10725
|
2024-11-21 11:44 |
2018-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266525
|
7.5 |
HIGH
Network
|
bitcoin
|
bitcoin_core
bitcoin-qt
bitcoind
|
Bitcoin Core before v0.13.0 allows denial of service (memory exhaustion) triggered by the remote network alert system (deprecated since Q1 2016) if an attacker can sign a message with a certain priva…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-10724
|
2024-11-21 11:44 |
2018-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266526
|
8.8 |
HIGH
Network
|
rails_admin_project
|
rails_admin
|
rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access…
|
CWE-352
Origin Validation Error
|
CVE-2016-10522
|
2024-11-21 11:44 |
2018-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266527
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up t…
|
CWE-399
Resource Management Errors
|
CVE-2016-10723
|
2024-11-21 11:44 |
2018-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266528
|
8.1 |
HIGH
Network
|
react-native-baidu-voice-synthesizer_project
|
react-native-baidu-voice-synthesizer
|
react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attac…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10697
|
2024-11-21 11:44 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266529
|
8.1 |
HIGH
Network
|
windows-latestchromedriver_project
|
windows-latestchromedriver
|
windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be pos…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10696
|
2024-11-21 11:44 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266530
|
8.1 |
HIGH
Network
|
mapbox
|
npm-test-sqlite3-trunk
|
The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10695
|
2024-11-21 11:44 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
