|
264741
|
5.5 |
MEDIUM
Local
|
libtiff
debian
|
libtiff
debian_linux
|
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-5315
|
2024-11-21 11:54 |
2017-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264742
|
8.8 |
HIGH
Network
|
netapp
|
data_ontap
|
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL e…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-5374
|
2024-11-21 11:54 |
2017-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264743
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2016-5364
|
2024-11-21 11:54 |
2017-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264744
|
7.5 |
HIGH
Network
|
gnu
|
glibc
|
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (me…
|
CWE-399
Resource Management Errors
|
CVE-2016-5417
|
2024-11-21 11:54 |
2017-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264745
|
8.8 |
HIGH
Network
|
simplemachines
|
simple_machines_forum
|
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input…
|
CWE-94
Code Injection
|
CVE-2016-5727
|
2024-11-21 11:54 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264746
|
9.8 |
CRITICAL
Network
|
simplemachines
|
simple_machines_forum
|
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
|
CWE-94
Code Injection
|
CVE-2016-5726
|
2024-11-21 11:54 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264747
|
9.8 |
CRITICAL
Network
|
netapp
|
virtual_storage_console_for_vmware_vsphere
|
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-5711
|
2024-11-21 11:54 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264748
|
6.3 |
MEDIUM
Network
|
netapp
|
snap_creator_framework
|
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact…
|
CWE-352
Origin Validation Error
|
CVE-2016-5372
|
2024-11-21 11:54 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264749
|
5.5 |
MEDIUM
Local
|
pacman_project
|
pacman
|
libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.
|
CWE-399
CWE-125
Resource Management Errors
Out-of-bounds Read
|
CVE-2016-5434
|
2024-11-21 11:54 |
2017-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264750
|
9.8 |
CRITICAL
Network
|
sixapart
|
movable_type
movable_type_open_source
|
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers t…
|
CWE-89
SQL Injection
|
CVE-2016-5742
|
2024-11-21 11:54 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
