|
270331
|
9.8 |
CRITICAL
Network
|
ruby-lang
|
ruby
|
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.
|
NVD-CWE-Other
|
CVE-2016-2337
|
2024-11-21 11:48 |
2017-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270332
|
9.8 |
CRITICAL
Network
|
ruby-lang
|
ruby
|
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code e…
|
NVD-CWE-Other
|
CVE-2016-2336
|
2024-11-21 11:48 |
2017-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270333
|
5.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
QEMU (aka Quick Emulator) built with the USB EHCI emulation support is vulnerable to a null pointer dereference flaw. It could occur when an application attempts to write to EHCI capabilities registe…
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-2198
|
2024-11-21 11:48 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270334
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is vulnerable to a null pointer dereference flaw. It occurs while unmapping the Frame Information Structure (FIS) and Command List B…
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-2197
|
2024-11-21 11:48 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270335
|
7.8 |
HIGH
Local
|
hp
|
thinpro
|
HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspe…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2246
|
2024-11-21 11:48 |
2016-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270336
|
6.8 |
MEDIUM
Physics
|
kde
fedoraproject
opensuse
|
kscreenlocker
plasma-workspace
fedora
leap
|
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
|
CWE-254
7PK - Security Features
|
CVE-2016-2312
|
2024-11-21 11:48 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270337
|
7.5 |
HIGH
Network
|
bmc
|
remedy_action_request_system
|
Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2016-2349
|
2024-11-21 11:48 |
2016-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270338
|
9.8 |
CRITICAL
Network
|
dotcms
|
dotcms
|
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.
|
CWE-89
SQL Injection
|
CVE-2016-2355
|
2024-11-21 11:48 |
2016-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270339
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the…
|
CWE-79
Cross-site Scripting
|
CVE-2016-2840
|
2024-11-21 11:48 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270340
|
7.8 |
HIGH
Local
|
7-zip
fedoraproject
oracle
|
7-zip
fedora
solaris
|
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-2334
|
2024-11-21 11:48 |
2016-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
