|
267911
|
4.7 |
MEDIUM
Local
|
google
|
android
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver.
|
CWE-200
Information Exposure
|
CVE-2016-5347
|
2024-11-21 11:54 |
2017-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267912
|
8.8 |
HIGH
Network
|
puppet
|
puppet_enterprise
|
The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2016-5716
|
2024-11-21 11:54 |
2017-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267913
|
6.1 |
MEDIUM
Network
|
apache
|
sling
|
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to …
|
CWE-79
Cross-site Scripting
|
CVE-2016-5394
|
2024-11-21 11:54 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267914
|
7.5 |
HIGH
Network
|
freeipa
|
freeipa
|
FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services.
|
CWE-284
Improper Access Control
|
CVE-2016-5414
|
2024-11-21 11:54 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267915
|
7.5 |
HIGH
Network
|
libreswan
fedoraproject
|
libreswan
fedora
|
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-5391
|
2024-11-21 11:54 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267916
|
9.8 |
CRITICAL
Network
|
redhat
|
quickstart_cloud_installer
|
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
|
CWE-255
Credentials Management
|
CVE-2016-5411
|
2024-11-21 11:54 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267917
|
5.3 |
MEDIUM
Network
|
acer
|
acer_portal
|
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.
|
CWE-295
Improper Certificate Validation
|
CVE-2016-5648
|
2024-11-21 11:54 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267918
|
7.5 |
HIGH
Network
|
redhat
|
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node
|
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstat…
|
CWE-200
Information Exposure
|
CVE-2016-5416
|
2024-11-21 11:54 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267919
|
9.8 |
CRITICAL
Network
|
redhat
|
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node
|
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstat…
|
CWE-199
Information Management Errors
|
CVE-2016-5405
|
2024-11-21 11:54 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267920
|
7.8 |
HIGH
Local
|
pngquant
|
pngquant
|
Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-5735
|
2024-11-21 11:54 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
