|
269331
|
9.8 |
CRITICAL
Network
|
dell
|
emc_unisphere
|
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname.
|
CWE-20
Improper Input Validation
|
CVE-2016-0889
|
2024-11-21 11:42 |
2016-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269332
|
5.9 |
MEDIUM
Network
|
fedoraproject
opensuse
libssh2
debian
|
fedora
opensuse
libssh2
debian_linux
|
The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH …
|
CWE-200
Information Exposure
|
CVE-2016-0787
|
2024-11-21 11:42 |
2016-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269333
|
4.3 |
MEDIUM
Network
|
openstack
|
image_registry_and_delivery_service_\(glance\)
|
OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload…
|
CWE-284
Improper Access Control
|
CVE-2016-0757
|
2024-11-21 11:42 |
2016-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269334
|
5.9 |
MEDIUM
Network
|
redhat
canonical
libssh
fedoraproject
debian
|
enterprise_linux
ubuntu_linux
libssh
fedora
debian_linux
|
libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for man-i…
|
CWE-200
Information Exposure
|
CVE-2016-0739
|
2024-11-21 11:42 |
2016-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269335
|
6.5 |
MEDIUM
Network
|
python
debian
|
pillow
debian_linux
|
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-0775
|
2024-11-21 11:42 |
2016-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269336
|
6.5 |
MEDIUM
Network
|
python
debian
|
pillow
debian_linux
|
Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-0740
|
2024-11-21 11:42 |
2016-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269337
|
5.9 |
MEDIUM
Network
|
dell
|
bsafe_crypto-j
bsafe_ssl-c
bsafe_crypto-c-micro-edition
bsafe_micro-edition-suite
bsafe_ssl-j
|
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2…
|
CWE-200
Information Exposure
|
CVE-2016-0887
|
2024-11-21 11:42 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269338
|
8.8 |
HIGH
Network
|
apache
|
struts
|
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
|
CWE-20
Improper Input Validation
|
CVE-2016-0785
|
2024-11-21 11:42 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269339
|
9.8 |
CRITICAL
Network
|
apache
|
ranger
|
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a v…
|
CWE-287
Improper Authentication
|
CVE-2016-0733
|
2024-11-21 11:42 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269340
|
8.8 |
HIGH
Network
|
apache
|
ranger
|
Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-0735
|
2024-11-21 11:42 |
2016-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
