|
269251
|
9.8 |
CRITICAL
Network
|
apache
|
myfaces_trinidad
|
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-5019
|
2024-11-21 11:53 |
2016-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269252
|
9.8 |
CRITICAL
Network
|
c-ares_project
c-ares
debian
nodejs
canonical
|
c-ares
debian_linux
node.js
ubuntu_linux
|
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code …
|
CWE-787
Out-of-bounds Write
|
CVE-2016-5180
|
2024-11-21 11:53 |
2016-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269253
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mechanism via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2016-5176
|
2024-11-21 11:53 |
2016-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269254
|
9.8 |
CRITICAL
Network
|
aternity
|
aternity
|
The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.
|
CWE-669
Incorrect Resource Transfer Between Spheres
|
CVE-2016-5062
|
2024-11-21 11:53 |
2016-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269255
|
6.1 |
MEDIUM
Network
|
aternity
|
aternity
|
Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) g…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5061
|
2024-11-21 11:53 |
2016-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269256
|
7.2 |
HIGH
Network
|
apache
redhat
|
activemq_artemis
jboss_enterprise_application_platform
|
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote aut…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-4978
|
2024-11-21 11:53 |
2016-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269257
|
9.8 |
CRITICAL
Network
|
openstack
|
python-muranoclient
mitaka-murano
murano-dashboard
murano
|
OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x …
|
CWE-20
Improper Input Validation
|
CVE-2016-4972
|
2024-11-21 11:53 |
2016-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269258
|
6.1 |
MEDIUM
Network
|
redhat
|
jboss_enterprise_application_platform
jboss_wildfly_application_server
|
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary…
|
CWE-93
CWE-113
CRLF Injection
HTTP Response Splitting
|
CVE-2016-4993
|
2024-11-21 11:53 |
2016-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269259
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2016-5175
|
2024-11-21 11:53 |
2016-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269260
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers t…
|
CWE-20
Improper Input Validation
|
CVE-2016-5174
|
2024-11-21 11:53 |
2016-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
