|
265571
|
6.1 |
MEDIUM
Network
|
sophos
|
cyberoam_cr100ing_utm_firmware cyberoam_cr35ing_utm_firmware
|
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35i…
|
CWE-79
Cross-site Scripting
|
CVE-2016-3968
|
2024-11-21 11:51 |
2016-04-7 |
|
265572
|
6.1 |
MEDIUM
Network
|
xmlsoft
|
libxml2
|
Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
|
CWE-79
Cross-site Scripting
|
CVE-2016-3709
|
2024-11-21 11:50 |
2022-07-29 |
|
265573
|
8.1 |
HIGH
Network
|
piwigo
|
piwigo
|
Piwigo is image gallery software written in PHP. When a criterion is not met on a host, Piwigo defaults to using mt_rand in order to generate password reset tokens. mt_rand output can be predicted afte…
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2016-3735
|
2024-11-21 11:50 |
2022-01-29 |
|
265574
|
5.5 |
MEDIUM
Local
|
linux redhat
|
linux_kernel enterprise_linux
|
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disab…
|
CWE-74
Injection
|
CVE-2016-3695
|
2024-11-21 11:50 |
2017-12-30 |
|
265575
|
7.5 |
HIGH
Network
|
fedoraproject pulpproject
|
fedora pulp
|
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
|
CWE-255
Credentials Management
|
CVE-2016-3704
|
2024-11-21 11:50 |
2017-06-14 |
|
265576
|
5.5 |
MEDIUM
Local
|
fedoraproject pulpproject
|
fedora pulp
|
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
|
CWE-200
Information Exposure
|
CVE-2016-3696
|
2024-11-21 11:50 |
2017-06-14 |
|
265577
|
9.8 |
CRITICAL
Network
|
redhat
|
jboss_enterprise_application_platform
|
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-3690
|
2024-11-21 11:50 |
2017-06-9 |
|
265578
|
8.8 |
HIGH
Network
|
kallithea-scm
|
kallithea
|
Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.
|
CWE-352
Origin Validation Error
|
CVE-2016-3691
|
2024-11-21 11:50 |
2017-04-25 |
|
265579
|
5.3 |
MEDIUM
Network
|
redhat
|
cloudforms_management_engine
|
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.
|
CWE-200
Information Exposure
|
CVE-2016-3702
|
2024-11-21 11:50 |
2017-04-22 |
|
265580
|
8.8 |
HIGH
Network
|
moodle
|
moodle
|
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack t…
|
CWE-352
Origin Validation Error
|
CVE-2016-3734
|
2024-11-21 11:50 |
2017-04-21 |