| 264581 | 6.7 | MEDIUM Local | qemu canonical debian | qemu ubuntu_linux debian_linux | The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service (ou… | NVD-CWE-noinfo | CVE-2016-6351 | 2024-11-21 11:55 | 2016-09-8 |
| 264582 | 7.5 | HIGH Network | redhat | resteasy | RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. | NVD-CWE-noinfo | CVE-2016-6346 | 2024-11-21 11:55 | 2016-09-8 |
| 264583 | 6.5 | MEDIUM Network | redhat | resteasy | RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. | CWE-200 Information Exposure | CVE-2016-6345 | 2024-11-21 11:55 | 2016-09-8 |
| 264584 | 5.3 | MEDIUM Network | redhat | jboss_bpm_suite | Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via… | CWE-200 Information Exposure | CVE-2016-6344 | 2024-11-21 11:55 | 2016-09-8 |
| 264585 | 8.8 | HIGH Local | ibm | mq_appliance_firmware | MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command. | CWE-20 Improper Input Validation | CVE-2016-5879 | 2024-11-21 11:55 | 2016-09-2 |
| 264586 | 5.3 | MEDIUM Network | latchset | jwcrypto | The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain clearte… | CWE-200 Information Exposure | CVE-2016-6298 | 2024-11-21 11:55 | 2016-09-2 |
| 264587 | 9.8 | CRITICAL Network | vbulletin | vbulletin | SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via… | CWE-89 SQL Injection | CVE-2016-6195 | 2024-11-21 11:55 | 2016-08-31 |
| 264588 | 7.8 | HIGH Local | cisco | anyconnect_secure_mobility_client | Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-6369 | 2024-11-21 11:55 | 2016-08-26 |
| 264589 | 5.9 | MEDIUM Network | kaspersky | safe_browser | Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | CWE-200 Information Exposure | CVE-2016-6231 | 2024-11-21 11:55 | 2016-08-26 |
| 264590 | 3.3 | LOW Local | moxa | oncell_g3001_firmware oncell_g3100v2_firmware | Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by r… | CWE-200 Information Exposure | CVE-2016-5812 | 2024-11-21 11:55 | 2016-08-24 |