|
265181
|
9.8 |
CRITICAL
Network
|
redhat
debian
|
libvirt
debian_linux
|
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC sess…
|
CWE-284
Improper Access Control
|
CVE-2016-5008
|
2024-11-21 11:53 |
2016-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265182
|
7.5 |
HIGH
Network
|
apache
|
jms_client_amqp
amqp_0-x_jms_client
|
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permis…
|
CWE-20
Improper Input Validation
|
CVE-2016-4974
|
2024-11-21 11:53 |
2016-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265183
|
6.5 |
MEDIUM
Network
|
redhat
|
enterprise_linux_desktop
enterprise_linux_workstation
ceph_storage_osd
ceph_storage_mon
enterprise_linux_for_scientific_computing
enterprise_linux_server
ceph
|
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
|
CWE-20
Improper Input Validation
|
CVE-2016-5009
|
2024-11-21 11:53 |
2016-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265184
|
7.8 |
HIGH
Local
|
gimp
|
gimp
|
Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a…
|
CWE-416
Use After Free
|
CVE-2016-4994
|
2024-11-21 11:53 |
2016-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265185
|
7.5 |
HIGH
Network
|
redhat
canonical
|
openstack
openstack_ironic
|
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge…
|
CWE-200
Information Exposure
|
CVE-2016-4985
|
2024-11-21 11:53 |
2016-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265186
|
7.8 |
HIGH
Local
|
linecorp
|
line
line_installer
|
Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
|
NVD-CWE-Other
|
CVE-2016-4831
|
2024-11-21 11:53 |
2016-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265187
|
7.5 |
HIGH
Network
|
apache
|
http_server
|
The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which allow…
|
CWE-284
Improper Access Control
|
CVE-2016-4979
|
2024-11-21 11:53 |
2016-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265188
|
6.1 |
MEDIUM
Network
|
phpmyadmin
opensuse
|
phpmyadmin
opensuse
|
Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mish…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5099
|
2024-11-21 11:53 |
2016-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265189
|
5.3 |
MEDIUM
Network
|
phpmyadmin
opensuse
|
phpmyadmin
opensuse
|
Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error.
|
CWE-22
Path Traversal
|
CVE-2016-5098
|
2024-11-21 11:53 |
2016-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265190
|
5.3 |
MEDIUM
Network
|
opensuse
phpmyadmin
|
opensuse
phpmyadmin
|
phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by readin…
|
CWE-200
Information Exposure
|
CVE-2016-5097
|
2024-11-21 11:53 |
2016-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
