| 264931 | 4.8 | MEDIUM Network | apache | ranger | Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web scr… | CWE-79 Cross-site Scripting | CVE-2016-5395 | 2024-11-21 11:54 | 2016-09-26 |
| 264932 | 7.5 | HIGH Network | powerdns | authoritative | PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a cra… | CWE-399 Resource Management Errors | CVE-2016-5427 | 2024-11-21 11:54 | 2016-09-21 |
| 264933 | 7.5 | HIGH Network | powerdns | authoritative | PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. | CWE-399 Resource Management Errors | CVE-2016-5426 | 2024-11-21 11:54 | 2016-09-21 |
| 264934 | 7.5 | HIGH Network | redhat oracle libarchive | enterprise_linux_hpc_node enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation linux openshift libarchive enterprise_linux_server_aus enterprise_linux… | The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive fil… | CWE-20 CWE-19 Improper Input Validation Data Processing Errors | CVE-2016-5418 | 2024-11-21 11:54 | 2016-09-21 |
| 264935 | 6.5 | MEDIUM Network | freeipa oracle fedoraproject | freeipa linux fedora | The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certifi… | CWE-284 Improper Access Control | CVE-2016-5404 | 2024-11-21 11:54 | 2016-09-8 |
| 264936 | 8.8 | HIGH Network | redhat | jboss_operations_network | The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admi… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-5422 | 2024-11-21 11:54 | 2016-09-8 |
| 264937 | 5.3 | MEDIUM Network | jose-php_project | jose-php | The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain clea… | CWE-310 CWE-200 Cryptographic Issues Information Exposure | CVE-2016-5430 | 2024-11-21 11:54 | 2016-09-4 |
| 264938 | 3.7 | LOW Network | jose-php_project | jose-php | jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and… | CWE-200 Information Exposure | CVE-2016-5429 | 2024-11-21 11:54 | 2016-09-4 |
| 264939 | 6.1 | MEDIUM Network | python | python | CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP… | CWE-113 HTTP Response Splitting | CVE-2016-5699 | 2024-11-21 11:54 | 2016-09-2 |
| 264940 | 9.8 | CRITICAL Network | python | python | Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negat… | CWE-190 Integer Overflow or Wraparound | CVE-2016-5636 | 2024-11-21 11:54 | 2016-09-2 |