| 265541 | 4.8 | MEDIUM Network | dotcms | dotcms | Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout. | CWE-79 Cross-site Scripting | CVE-2016-3971 | 2024-11-21 11:51 | 2016-04-19 |
| 265542 | 5.5 | MEDIUM Local | opensuse | leap opensuse | The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-4036 | 2024-11-21 11:51 | 2016-04-18 |
| 265543 | 6.5 | MEDIUM Network | huawei | ar3200_firmware | Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. | CWE-20 Improper Input Validation | CVE-2016-3950 | 2024-11-21 11:51 | 2016-04-18 |
| 265544 | 5.5 | MEDIUM Local | canonical xen | ubuntu_linux xen | Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to… | CWE-20 Improper Input Validation | CVE-2016-3961 | 2024-11-21 11:51 | 2016-04-15 |
| 265545 | 7.3 | HIGH Network | sap | hana | The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and … | CWE-284 Improper Access Control | CVE-2016-4018 | 2024-11-21 11:51 | 2016-04-14 |
| 265546 | 7.5 | HIGH Network | sap | hana | The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710. | NVD-CWE-noinfo | CVE-2016-4017 | 2024-11-21 11:51 | 2016-04-14 |
| 265547 | 6.1 | MEDIUM Network | sap | java_as | Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title par… | CWE-79 Cross-site Scripting | CVE-2016-4016 | 2024-11-21 11:51 | 2016-04-14 |
| 265548 | 7.5 | HIGH Network | sap | netweaver | The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. | NVD-CWE-noinfo | CVE-2016-4015 | 2024-11-21 11:51 | 2016-04-14 |
| 265549 | 8.6 | HIGH Network | sap | netweaver | XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to ud… | NVD-CWE-Other | CVE-2016-4014 | 2024-11-21 11:51 | 2016-04-14 |
| 265550 | 9.8 | CRITICAL Network | python | pillow | Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, whic… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-4009 | 2024-11-21 11:51 | 2016-04-14 |