|
265561
|
6.5 |
MEDIUM
Network
|
cisco
|
jabber_guest
|
A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.…
|
CWE-20
Improper Input Validation
|
CVE-2016-9224
|
2024-11-21 12:00 |
2016-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265562
|
9.8 |
CRITICAL
Network
|
cisco
|
cloudcenter_orchestrator
|
A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-9223
|
2024-11-21 12:00 |
2016-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265563
|
8.8 |
HIGH
Network
|
cisco
|
intercloud_fabric
|
A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. Mo…
|
CWE-285
Improper Authorization
|
CVE-2016-9217
|
2024-11-21 12:00 |
2016-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265564
|
7.5 |
HIGH
Network
|
tarantool
|
tarantool
|
An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element…
|
CWE-125
Out-of-bounds Read
|
CVE-2016-9037
|
2024-11-21 12:00 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265565
|
7.5 |
HIGH
Network
|
tarantool
|
msgpuck
|
An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly ret…
|
CWE-125
Out-of-bounds Read
|
CVE-2016-9036
|
2024-11-21 12:00 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265566
|
7.5 |
HIGH
Network
|
siemens
|
desigo_web_module_pxa30-w0_firmware
desigo_web_module_pxa30-w1_firmware
desigo_web_module_pxa30-w2_firmware
desigo_web_module_pxa40-w0_firmware
desigo_web_module_pxa40-w1_firmware
desi…
|
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modu…
|
CWE-332
Insufficient Entropy in PRNG
|
CVE-2016-9154
|
2024-11-21 12:00 |
2016-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265567
|
7.1 |
HIGH
Local
|
image-info_project
|
image-info_for_perl
|
perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could c…
|
CWE-611
XXE
|
CVE-2016-9181
|
2024-11-21 12:00 |
2016-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265568
|
9.1 |
CRITICAL
Network
|
xmltwig
|
xml-twig_for_perl
|
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's …
|
CWE-611
XXE
|
CVE-2016-9180
|
2024-11-21 12:00 |
2016-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265569
|
7.5 |
HIGH
Network
|
lynx
|
lynx
|
lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host.
|
CWE-20
Improper Input Validation
|
CVE-2016-9179
|
2024-11-21 12:00 |
2016-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265570
|
8.1 |
HIGH
Network
|
siemens
|
simatic_pcs_7
simatic_wincc
|
A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX compon…
|
CWE-254
7PK - Security Features
|
CVE-2016-9160
|
2024-11-21 12:00 |
2016-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
