| 265251 | 5.0 | MEDIUM Network | theforeman | foreman | The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restricti… | CWE-254 7PK - Security Features | CVE-2016-4451 | 2024-11-21 11:52 | 2016-08-20 |
| 265252 | 7.8 | HIGH Local | apple | iphone_os | IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | CWE-264 CWE-119 Permissions, Privileges, and Access Controls Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-4654 | 2024-11-21 11:52 | 2016-08-19 |
| 265253 | 8.8 | HIGH Network | apache | archiva | Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repo… | CWE-352 Origin Validation Error | CVE-2016-4469 | 2024-11-21 11:52 | 2016-07-29 |
| 265254 | 7.3 | HIGH Network | rockwellautomation | factorytalk_energrymetrix | Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattend… | CWE-285 Improper Authorization | CVE-2016-4531 | 2024-11-21 11:52 | 2016-07-28 |
| 265255 | 9.8 | CRITICAL Network | rockwellautomation | factorytalk_energrymetrix | SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2016-4522 | 2024-11-21 11:52 | 2016-07-28 |
| 265256 | 7.8 | HIGH Local | apple | iphone_os tvos mac_os_x watchos | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspe… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-4653 | 2024-11-21 11:52 | 2016-07-22 |
| 265257 | 6.3 | MEDIUM Local | apple | mac_os_x | CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), vi… | CWE-264 CWE-125 Permissions, Privileges, and Access Controls Out-of-bounds Read | CVE-2016-4652 | 2024-11-21 11:52 | 2016-07-22 |
| 265258 | 6.1 | MEDIUM Network | apple | iphone_os safari | Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a craft… | CWE-79 Cross-site Scripting | CVE-2016-4651 | 2024-11-21 11:52 | 2016-07-22 |
| 265259 | 5.5 | MEDIUM Local | apple | mac_os_x | Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | CWE-476 NULL Pointer Dereference | CVE-2016-4649 | 2024-11-21 11:52 | 2016-07-22 |
| 265260 | 5.5 | MEDIUM Local | apple | mac_os_x | Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | CWE-200 Information Exposure | CVE-2016-4648 | 2024-11-21 11:52 | 2016-07-22 |