|
268661
|
7.8 |
HIGH
Local
|
malwarebytes
|
malwarebytes_anti-malware
|
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting f…
|
CWE-254
7PK - Security Features
|
CVE-2016-10717
|
2024-11-21 11:44 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268662
|
5.4 |
MEDIUM
Network
|
mail.ru
|
calendar
|
The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10716
|
2024-11-21 11:44 |
2018-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268663
|
5.4 |
MEDIUM
Network
|
artezio
|
kanban_board
|
The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7#/kanban-view URI.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10715
|
2024-11-21 11:44 |
2018-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268664
|
9.8 |
CRITICAL
Network
|
zsh
canonical
|
zsh
ubuntu_linux
|
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
|
CWE-189
Numeric Errors
|
CVE-2016-10714
|
2024-11-21 11:44 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268665
|
5.5 |
MEDIUM
Local
|
gnu
|
patch
|
An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10713
|
2024-11-21 11:44 |
2018-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268666
|
7.5 |
HIGH
Network
|
php
canonical
|
php
ubuntu_linux
|
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For exa…
|
CWE-20
Improper Input Validation
|
CVE-2016-10712
|
2024-11-21 11:44 |
2018-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268667
|
9.8 |
CRITICAL
Network
|
debian
apsis
|
debian_linux
pound
|
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.
|
CWE-444
HTTP Request Smuggling
|
CVE-2016-10711
|
2024-11-21 11:44 |
2018-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268668
|
8.1 |
HIGH
Network
|
biscom
|
secure_file_transfer
|
Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files vi…
|
CWE-20
Improper Input Validation
|
CVE-2016-10710
|
2024-11-21 11:44 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268669
|
8.8 |
HIGH
Network
|
pfsense
|
pfsense
|
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
|
CWE-78
OS Command
|
CVE-2016-10709
|
2024-11-21 11:44 |
2018-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268670
|
7.5 |
HIGH
Network
|
openbsd
debian
canonical
netapp
|
openssh
debian_linux
ubuntu_linux
storagegrid_webscale
cloud_backup
data_ontap_edge
storagegrid
clustered_data_ontap
service_processor
oncommand_unified_manager
data_ont…
|
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, relat…
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-10708
|
2024-11-21 11:44 |
2018-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
