|
266241
|
8.8 |
HIGH
Network
|
dropbear_ssh_project
|
dropbear_ssh
|
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
|
CWE-284
Improper Access Control
|
CVE-2016-7408
|
2024-11-21 11:57 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266242
|
9.8 |
CRITICAL
Network
|
dropbear_ssh_project
|
dropbear_ssh
|
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.
|
CWE-20
Improper Input Validation
|
CVE-2016-7407
|
2024-11-21 11:57 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266243
|
9.8 |
CRITICAL
Network
|
dropbear_ssh_project
|
dropbear_ssh
|
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
|
CWE-20
Improper Input Validation
|
CVE-2016-7406
|
2024-11-21 11:57 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266244
|
6.5 |
MEDIUM
Network
|
matrixssl
|
matrixssl
|
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-6884
|
2024-11-21 11:57 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266245
|
5.9 |
MEDIUM
Network
|
matrixssl
|
matrixssl
|
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.
|
CWE-200
Information Exposure
|
CVE-2016-6883
|
2024-11-21 11:57 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266246
|
5.9 |
MEDIUM
Network
|
matrixssl
|
matrixssl
|
MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.
|
CWE-200
CWE-320
Information Exposure
Key Management Errors
|
CVE-2016-6882
|
2024-11-21 11:57 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266247
|
4.7 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via u…
|
CWE-79
Cross-site Scripting
|
CVE-2016-7111
|
2024-11-21 11:57 |
2017-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266248
|
5.5 |
MEDIUM
Local
|
libav
|
libav
|
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-7393
|
2024-11-21 11:57 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266249
|
5.5 |
MEDIUM
Local
|
autotrace_project
|
autotrace
|
Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted…
|
CWE-787
Out-of-bounds Write
|
CVE-2016-7392
|
2024-11-21 11:57 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266250
|
9.8 |
CRITICAL
Network
|
exponentcms
|
exponent_cms
|
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action,…
|
CWE-89
SQL Injection
|
CVE-2016-7400
|
2024-11-21 11:57 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
