|
266471
|
6.5 |
MEDIUM
Network
|
python
debian
|
pillow
debian_linux
|
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-0775
|
2024-11-21 11:42 |
2016-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266472
|
6.5 |
MEDIUM
Network
|
python
debian
|
pillow
debian_linux
|
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-0740
|
2024-11-21 11:42 |
2016-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266473
|
5.9 |
MEDIUM
Network
|
dell
|
bsafe_crypto-j
bsafe_ssl-c
bsafe_crypto-c-micro-edition
bsafe_micro-edition-suite
bsafe_ssl-j
|
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2…
|
CWE-200
Information Exposure
|
CVE-2016-0887
|
2024-11-21 11:42 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266474
|
8.8 |
HIGH
Network
|
apache
|
struts
|
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
|
CWE-20
Improper Input Validation
|
CVE-2016-0785
|
2024-11-21 11:42 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266475
|
9.8 |
CRITICAL
Network
|
apache
|
ranger
|
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a v…
|
CWE-287
Improper Authentication
|
CVE-2016-0733
|
2024-11-21 11:42 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266476
|
8.8 |
HIGH
Network
|
apache
|
ranger
|
Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-0735
|
2024-11-21 11:42 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266477
|
6.5 |
MEDIUM
Network
|
apache
|
openmeetings
|
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a ..…
|
CWE-22
Path Traversal
|
CVE-2016-0784
|
2024-11-21 11:42 |
2016-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266478
|
7.5 |
HIGH
Network
|
apache
|
openmeetings
|
The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging…
|
CWE-200
Information Exposure
|
CVE-2016-0783
|
2024-11-21 11:42 |
2016-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266479
|
6.1 |
MEDIUM
Network
|
apache
|
jetspeed
|
Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.
|
CWE-79
Cross-site Scripting
|
CVE-2016-0712
|
2024-11-21 11:42 |
2016-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266480
|
6.1 |
MEDIUM
Network
|
apache
|
jetspeed
|
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) p…
|
CWE-79
Cross-site Scripting
|
CVE-2016-0711
|
2024-11-21 11:42 |
2016-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
