|
265871
|
8.1 |
HIGH
Network
|
tuxfamily
|
chrony
|
chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arb…
|
CWE-254
7PK - Security Features
|
CVE-2016-1567
|
2024-11-21 11:46 |
2016-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265872
|
6.1 |
MEDIUM
Adjacent
|
lenovo
|
shareit
|
The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveragi…
|
CWE-284
Improper Access Control
|
CVE-2016-1492
|
2024-11-21 11:46 |
2016-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265873
|
8.8 |
HIGH
Adjacent
|
lenovo
|
shareit
|
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by lev…
|
CWE-255
Credentials Management
|
CVE-2016-1491
|
2024-11-21 11:46 |
2016-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265874
|
4.1 |
MEDIUM
Adjacent
|
lenovo
|
shareit
|
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.
|
CWE-200
Information Exposure
|
CVE-2016-1490
|
2024-11-21 11:46 |
2016-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265875
|
8.0 |
HIGH
Adjacent
|
lenovo
|
shareit
|
Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network…
|
CWE-200
CWE-254
Information Exposure
7PK - Security Features
|
CVE-2016-1489
|
2024-11-21 11:46 |
2016-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265876
|
7.8 |
HIGH
Local
|
debian
|
fuse
|
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-1233
|
2024-11-21 11:46 |
2016-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265877
|
6.1 |
MEDIUM
Network
|
cisco
|
unified_contact_center_express
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via ve…
|
CWE-79
Cross-site Scripting
|
CVE-2016-1298
|
2024-11-21 11:46 |
2016-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265878
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Multiple unspecified vulnerabilities in Google Chrome before 48.0.2564.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2016-1620
|
2024-11-21 11:46 |
2016-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265879
|
7.6 |
HIGH
Network
|
google
|
chrome
|
Multiple integer overflows in the (1) sycc422_to_rgb and (2) sycc444_to_rgb functions in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attac…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-1619
|
2024-11-21 11:46 |
2016-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265880
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat …
|
CWE-310
CWE-200
Cryptographic Issues
Information Exposure
|
CVE-2016-1618
|
2024-11-21 11:46 |
2016-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
