|
269001
|
7.5 |
HIGH
Network
|
siemens
|
simatic_s7-1500_cpu_firmware
|
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.
|
CWE-20
Improper Input Validation
|
CVE-2016-2200
|
2024-11-21 11:48 |
2016-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269002
|
6.5 |
MEDIUM
Network
|
ffmpeg
|
ffmpeg
|
The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-2213
|
2024-11-21 11:48 |
2016-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269003
|
8.8 |
HIGH
Network
|
mcafee
|
vulnerability_manager
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote …
|
CWE-352
Origin Validation Error
|
CVE-2016-2199
|
2024-11-21 11:48 |
2016-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269004
|
- |
|
-
|
-
|
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products th…
|
-
|
CVE-2016-20022
|
2024-11-21 11:47 |
2024-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269005
|
9.8 |
CRITICAL
Network
|
gentoo
|
portage
|
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-w…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2016-20021
|
2024-11-21 11:47 |
2024-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269006
|
7.5 |
HIGH
Network
|
knexjs
|
knex
|
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
|
CWE-89
SQL Injection
|
CVE-2016-20018
|
2024-11-21 11:47 |
2022-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269007
|
9.8 |
CRITICAL
Network
|
dlink
|
dsl-2750b_firmware
|
D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022.
|
CWE-77
Command Injection
|
CVE-2016-20017
|
2024-11-21 11:47 |
2022-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269008
|
9.8 |
CRITICAL
Network
|
mvpower
|
tv-7104he_firmware
tv7108he_firmware
|
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating sy…
|
NVD-CWE-noinfo
|
CVE-2016-20016
|
2024-11-21 11:47 |
2022-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269009
|
7.5 |
HIGH
Network
|
smokeping
|
smokeping
|
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileg…
|
NVD-CWE-noinfo
|
CVE-2016-20015
|
2024-11-21 11:47 |
2022-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269010
|
6.4 |
MEDIUM
Network
|
kippo-graph_project
|
kippo-graph
|
In kippo-graph before version 1.5.1, there is a cross-site scripting vulnerability in $file_link in class/KippoInput.class.php.
|
CWE-79
Cross-site Scripting
|
CVE-2016-2139
|
2024-11-21 11:47 |
2022-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
