|
269421
|
9.8 |
CRITICAL
Network
|
zsh
canonical
|
zsh
ubuntu_linux
|
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
|
CWE-189
Numeric Errors
|
CVE-2016-10714
|
2024-11-21 11:44 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269422
|
5.5 |
MEDIUM
Local
|
gnu
|
patch
|
An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10713
|
2024-11-21 11:44 |
2018-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269423
|
7.5 |
HIGH
Network
|
php
canonical
|
php
ubuntu_linux
|
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For exa…
|
CWE-20
Improper Input Validation
|
CVE-2016-10712
|
2024-11-21 11:44 |
2018-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269424
|
9.8 |
CRITICAL
Network
|
debian
apsis
|
debian_linux
pound
|
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.
|
CWE-444
HTTP Request Smuggling
|
CVE-2016-10711
|
2024-11-21 11:44 |
2018-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269425
|
8.1 |
HIGH
Network
|
biscom
|
secure_file_transfer
|
Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not validate the dataFieldId value, and uses sequential numbers, which allows remote authenticated users to overwrite or read files vi…
|
CWE-20
Improper Input Validation
|
CVE-2016-10710
|
2024-11-21 11:44 |
2018-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269426
|
8.8 |
HIGH
Network
|
pfsense
|
pfsense
|
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
|
CWE-78
OS Command
|
CVE-2016-10709
|
2024-11-21 11:44 |
2018-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269427
|
7.5 |
HIGH
Network
|
openbsd
debian
canonical
netapp
|
openssh
debian_linux
ubuntu_linux
storagegrid_webscale
cloud_backup
data_ontap_edge
storagegrid
clustered_data_ontap
service_processor
oncommand_unified_manager
data_ont…
|
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, relat…
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-10708
|
2024-11-21 11:44 |
2018-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269428
|
7.5 |
HIGH
Network
|
jquery
|
jquery
|
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an i…
|
CWE-674
Uncontrolled Recursion
|
CVE-2016-10707
|
2024-11-21 11:44 |
2018-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269429
|
6.1 |
MEDIUM
Network
|
automattic
|
jetpack
|
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10706
|
2024-11-21 11:44 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269430
|
6.1 |
MEDIUM
Network
|
automattic
|
jetpack
|
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10705
|
2024-11-21 11:44 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
