|
269061
|
8.1 |
HIGH
Network
|
dlink
|
dgs-1100_firmware
|
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2016-10125
|
2024-11-21 11:43 |
2017-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269062
|
8.6 |
HIGH
Network
|
linuxcontainers
|
lxc
|
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push c…
|
CWE-284
Improper Access Control
|
CVE-2016-10124
|
2024-11-21 11:43 |
2017-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269063
|
8.1 |
HIGH
Network
|
schedmd
|
slurm
|
The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure o…
|
CWE-284
Improper Access Control
|
CVE-2016-10030
|
2024-11-21 11:43 |
2017-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269064
|
7.8 |
HIGH
Local
|
openbsd
|
openssh
|
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local use…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10012
|
2024-11-21 11:43 |
2017-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269065
|
5.5 |
MEDIUM
Local
|
openbsd
|
openssh
|
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging …
|
CWE-320
Key Management Errors
|
CVE-2016-10011
|
2024-11-21 11:43 |
2017-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269066
|
7.0 |
HIGH
Local
|
openbsd
|
openssh
|
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10010
|
2024-11-21 11:43 |
2017-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269067
|
7.3 |
HIGH
Network
|
openbsd
|
openssh
|
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-s…
|
CWE-426
Untrusted Search Path
|
CVE-2016-10009
|
2024-11-21 11:43 |
2017-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269068
|
8.1 |
HIGH
Network
|
netgear
|
arlo_base_station_firmware
arlo_q_camera_firmware
arlo_q_plus_camera_firmware
|
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adj…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10116
|
2024-11-21 11:43 |
2017-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269069
|
9.8 |
CRITICAL
Network
|
netgear
|
arlo_base_station_firmware
arlo_q_camera_firmware
arlo_q_plus_camera_firmware
|
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default passw…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2016-10115
|
2024-11-21 11:43 |
2017-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269070
|
9.8 |
CRITICAL
Network
|
awebsupport
|
aweb_cart_watching_system_for_virtuemart
|
SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving catego…
|
CWE-89
SQL Injection
|
CVE-2016-10114
|
2024-11-21 11:43 |
2017-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
