| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 265031 | 5.9 | MEDIUM | Network | nodejs suse | node.js linux_enterprise | The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certifi… | CWE-19 Data Processing Errors | CVE-2016-7099 | 2024-11-21 11:57 | 2016-10-11 |
| 265032 | 9.8 | CRITICAL | Network | debian linux canonical | debian_linux linux_kernel ubuntu_linux | Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system … | CWE-19 Data Processing Errors | CVE-2016-7117 | 2024-11-21 11:57 | 2016-10-10 |
| 265033 | 5.5 | MEDIUM | Local | debian libav | debian_linux libav | The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav 11.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted MP3 fil… | CWE-476 NULL Pointer Dereference | CVE-2016-7424 | 2024-11-21 11:57 | 2016-10-7 |
| 265034 | 9.8 | CRITICAL | Network | fedoraproject haxx | fedora libcurl | Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact vi… | CWE-190 Integer Overflow or Wraparound | CVE-2016-7167 | 2024-11-21 11:57 | 2016-10-7 |
| 265035 | 8.8 | HIGH | Network | redhat | cloudforms_management_engine | Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to… | CWE-284 Improper Access Control | CVE-2016-7040 | 2024-11-21 11:57 | 2016-10-7 |
| 265036 | 8.8 | HIGH | Network | adobe | flash_player_desktop_runtime flash_player | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary… | CWE-416 Use After Free | CVE-2016-7020 | 2024-11-21 11:57 | 2016-10-6 |
| 265037 | 9.8 | CRITICAL | Network | qemu debian | qemu debian_linux | Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. | CWE-787 Out-of-bounds Write | CVE-2016-7161 | 2024-11-21 11:57 | 2016-10-6 |
| 265038 | 7.5 | HIGH | Network | opensuse haxx | leap libcurl | curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse o… | CWE-287 Improper Authentication | CVE-2016-7141 | 2024-11-21 11:57 | 2016-10-4 |
| 265039 | 5.9 | MEDIUM | Network | redhat | jboss_enterprise_application_platform | Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via… | CWE-399 Resource Management Errors | CVE-2016-7046 | 2024-11-21 11:57 | 2016-10-4 |
| 265040 | 6.5 | MEDIUM | Network | libgd opensuse | libgd leap opensuse | The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. | CWE-125 Out-of-bounds Read | CVE-2016-6905 | 2024-11-21 11:57 | 2016-10-4 |