|
264761
|
9.8 |
CRITICAL
Network
|
dropbear_ssh_project
|
dropbear_ssh
|
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
|
CWE-20
Improper Input Validation
|
CVE-2016-7406
|
2024-11-21 11:57 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264762
|
6.5 |
MEDIUM
Network
|
matrixssl
|
matrixssl
|
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-6884
|
2024-11-21 11:57 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264763
|
5.9 |
MEDIUM
Network
|
matrixssl
|
matrixssl
|
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.
|
CWE-200
Information Exposure
|
CVE-2016-6883
|
2024-11-21 11:57 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264764
|
5.9 |
MEDIUM
Network
|
matrixssl
|
matrixssl
|
MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.
|
CWE-200
CWE-320
Information Exposure
Key Management Errors
|
CVE-2016-6882
|
2024-11-21 11:57 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264765
|
4.7 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via u…
|
CWE-79
Cross-site Scripting
|
CVE-2016-7111
|
2024-11-21 11:57 |
2017-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264766
|
5.5 |
MEDIUM
Local
|
libav
|
libav
|
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-7393
|
2024-11-21 11:57 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264767
|
5.5 |
MEDIUM
Local
|
autotrace_project
|
autotrace
|
Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted…
|
CWE-787
Out-of-bounds Write
|
CVE-2016-7392
|
2024-11-21 11:57 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264768
|
9.8 |
CRITICAL
Network
|
exponentcms
|
exponent_cms
|
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action,…
|
CWE-89
SQL Injection
|
CVE-2016-7400
|
2024-11-21 11:57 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264769
|
7.5 |
HIGH
Network
|
libtorrent
|
libtorrent
|
The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response.
|
CWE-20
Improper Input Validation
|
CVE-2016-7164
|
2024-11-21 11:57 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264770
|
6.1 |
MEDIUM
Network
|
plone
|
plone
|
Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary w…
|
CWE-79
Cross-site Scripting
|
CVE-2016-7147
|
2024-11-21 11:57 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
