|
265391
|
7.8 |
HIGH
Local
|
gnu
|
libiberty
|
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
|
CWE-119
CWE-190
Incorrect Access of Indexable Resource ('Range Error')
Integer Overflow or Wraparound
|
CVE-2016-2226
|
2024-11-21 11:48 |
2017-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265392
|
6.1 |
MEDIUM
Network
|
adcon_telemetry
|
a850_telemetry_gateway_base_station_firmware
|
An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the out…
|
CWE-79
Cross-site Scripting
|
CVE-2016-2274
|
2024-11-21 11:48 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265393
|
9.8 |
CRITICAL
Network
|
puppet
|
marionette_collective
puppet_enterprise
|
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
|
CWE-284
Improper Access Control
|
CVE-2016-2788
|
2024-11-21 11:48 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265394
|
5.3 |
MEDIUM
Network
|
puppetlabs
puppet
|
puppet_enterprise
|
The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs…
|
CWE-284
Improper Access Control
|
CVE-2016-2787
|
2024-11-21 11:48 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265395
|
7.8 |
HIGH
Local
|
freedesktop
redhat
|
polkit
enterprise_linux
|
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2016-2568
|
2024-11-21 11:48 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265396
|
4.3 |
MEDIUM
Network
|
ibm
|
rational_collaborative_lifecycle_management
|
An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.
|
CWE-200
Information Exposure
|
CVE-2016-2866
|
2024-11-21 11:48 |
2017-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265397
|
9.8 |
CRITICAL
Network
|
sensiolabs
|
symfony
|
Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind.
|
CWE-287
Improper Authentication
|
CVE-2016-2403
|
2024-11-21 11:48 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265398
|
6.5 |
MEDIUM
Local
|
gnu
|
coreutils
|
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
|
CWE-20
Improper Input Validation
|
CVE-2016-2781
|
2024-11-21 11:48 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265399
|
7.8 |
HIGH
Local
|
kernel
|
util-linux
|
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2779
|
2024-11-21 11:48 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265400
|
8.8 |
HIGH
Network
|
atutor
|
atutor
|
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files an…
|
CWE-352
Origin Validation Error
|
CVE-2016-2539
|
2024-11-21 11:48 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
