| 268591 | 8.1 | HIGH | Network | product-monitor_project | product-monitor | product-monitor is an HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statis… | CWE-310 Cryptographic Issues | CVE-2016-10567 | 2024-11-21 11:44 | 2018-05-30 |
| 268592 | 8.1 | HIGH | Network | groupon | selenium-download | selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable… | CWE-310 Cryptographic Issues | CVE-2016-10559 | 2024-11-21 11:44 | 2018-05-30 |
| 268593 | 8.1 | HIGH | Network | aerospike | aerospike | aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to caus… | CWE-310 Cryptographic Issues | CVE-2016-10558 | 2024-11-21 11:44 | 2018-05-30 |
| 268594 | 7.5 | HIGH | Network | sequelizejs | sequelize | sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microso… | CWE-89 SQL Injection | CVE-2016-10556 | 2024-11-21 11:44 | 2018-05-30 |
| 268595 | 9.8 | CRITICAL | Network | balderdash | waterline-sequel | waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-s… | CWE-89 SQL Injection | CVE-2016-10551 | 2024-11-21 11:44 | 2018-05-30 |
| 268596 | 9.8 | CRITICAL | Network | dwyl | hapi-auth-jwt2 | When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication. | CWE-287 Improper Authentication | CVE-2016-10525 | 2024-11-21 11:44 | 2018-05-30 |
| 268597 | 9.8 | CRITICAL | Network | partclone_project | partclone | partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-10722 | 2024-11-21 11:44 | 2018-05-3 |
| 268598 | 9.8 | CRITICAL | Network | partclone | partclone | partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-10721 | 2024-11-21 11:44 | 2018-05-3 |
| 268599 | 9.8 | CRITICAL | Network | qualcomm | mdm9635m_firmware | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type value to an index value that is in range. | CWE-118 Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-10495 | 2024-11-21 11:44 | 2018-04-18 |
| 268600 | 9.8 | CRITICAL | Network | qualcomm | sd_400_firmware | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, lack of address argument validation in qsee_get_tz_app_name() may lead to an untrusted pointer deref… | CWE-476 NULL Pointer Dereference | CVE-2016-10489 | 2024-11-21 11:44 | 2018-04-18 |