|
265051
|
9.8 |
CRITICAL
Network
|
apache
|
struts
|
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
|
CWE-20
Improper Input Validation
|
CVE-2016-4438
|
2024-11-21 11:52 |
2016-07-5 |
|
265052
|
7.5 |
HIGH
Network
|
apache
|
struts
|
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
|
CWE-20
Improper Input Validation
|
CVE-2016-4433
|
2024-11-21 11:52 |
2016-07-5 |
|
265053
|
7.5 |
HIGH
Network
|
apache
|
struts
|
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
|
CWE-20
Improper Input Validation
|
CVE-2016-4431
|
2024-11-21 11:52 |
2016-07-5 |
|
265054
|
8.8 |
HIGH
Network
|
apache
|
struts
|
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2016-4430
|
2024-11-21 11:52 |
2016-07-5 |
|
265055
|
7.3 |
HIGH
Network
|
eaton
|
elcsoft
|
Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4512
|
2024-11-21 11:52 |
2016-07-3 |
|
265056
|
6.0 |
MEDIUM
Network
|
eaton
|
elcsoft
|
Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4509
|
2024-11-21 11:52 |
2016-07-3 |
|
265057
|
7.8 |
HIGH
Local
|
flexerasoftware
|
installanywhere
|
Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file.
|
NVD-CWE-Other
|
CVE-2016-4560
|
2024-11-21 11:52 |
2016-07-2 |
|
265058
|
8.1 |
HIGH
Network
|
libexpat_project canonical mcafee python
|
libexpat ubuntu_linux policy_auditor python
|
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4472
|
2024-11-21 11:52 |
2016-07-1 |
|
265059
|
8.8 |
HIGH
Adjacent
|
redhat
|
openstack
|
The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a de…
|
CWE-200 CWE-254
Information Exposure 7PK - Security Features
|
CVE-2016-4474
|
2024-11-21 11:52 |
2016-07-1 |
|
265060
|
5.5 |
MEDIUM
Local
|
oracle linux novell redhat
|
vm_server linux linux_kernel suse_linux_enterprise_real_time_extension enterprise_linux_desktop enterprise_linux_server_aus enterprise_linux_workstation enterprise_linux enter…
|
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of s…
|
NVD-CWE-Other
|
CVE-2016-4470
|
2024-11-21 11:52 |
2016-06-27 |