|
269861
|
9.8 |
CRITICAL
Network
|
facebook
|
hhvm
|
mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9…
|
CWE-843
Type Confusion
|
CVE-2016-1000005
|
2024-11-21 11:42 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269862
|
9.8 |
CRITICAL
Network
|
facebook
|
hhvm
|
Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2016-1000004
|
2024-11-21 11:42 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269863
|
9.8 |
CRITICAL
Network
|
vmware
|
spring_framework
|
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented with…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-1000027
|
2024-11-21 11:42 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269864
|
4.8 |
MEDIUM
Network
|
tenable
|
nessus
|
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).
|
CWE-79
Cross-site Scripting
|
CVE-2016-1000029
|
2024-11-21 11:42 |
2019-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269865
|
4.8 |
MEDIUM
Network
|
tenable
|
nessus
|
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).
|
CWE-79
Cross-site Scripting
|
CVE-2016-1000028
|
2024-11-21 11:42 |
2019-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269866
|
6.1 |
MEDIUM
Network
|
erlang
|
erlang\/otp
|
inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable…
|
CWE-601
Open Redirect
|
CVE-2016-1000107
|
2024-11-21 11:42 |
2019-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269867
|
6.1 |
MEDIUM
Network
|
yaws
debian
|
yaws
debian_linux
|
yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY …
|
CWE-601
Open Redirect
|
CVE-2016-1000108
|
2024-11-21 11:42 |
2019-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269868
|
8.8 |
HIGH
Network
|
apache
opensuse
|
mod_fcgid
leap
opensuse
|
A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
|
CWE-20
Improper Input Validation
|
CVE-2016-1000104
|
2024-11-21 11:42 |
2019-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269869
|
6.1 |
MEDIUM
Network
|
python
debian
fedoraproject
|
python
debian_linux
fedora
|
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
|
CWE-601
Open Redirect
|
CVE-2016-1000110
|
2024-11-21 11:42 |
2019-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269870
|
9.8 |
CRITICAL
Network
|
facebook
|
hhvm
|
hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
|
CWE-416
Use After Free
|
CVE-2016-1000006
|
2024-11-21 11:42 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
