|
266371
|
5.5 |
MEDIUM
Local
|
intel
|
integrated_performance_primitives
|
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.
|
CWE-200
Information Exposure
|
CVE-2016-8100
|
2024-11-21 11:58 |
2016-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266372
|
6.3 |
MEDIUM
Local
|
xen
|
xen
|
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks o…
|
CWE-362
Race Condition
|
CVE-2016-7777
|
2024-11-21 11:58 |
2016-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266373
|
4.4 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1)…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2016-7909
|
2024-11-21 11:58 |
2016-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266374
|
4.4 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators t…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2016-7908
|
2024-11-21 11:58 |
2016-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266375
|
4.4 |
MEDIUM
Local
|
qemu
|
qemu
|
The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators t…
|
CWE-20
CWE-399
Improper Input Validation
Resource Management Errors
|
CVE-2016-7907
|
2024-11-21 11:58 |
2016-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266376
|
7.2 |
HIGH
Network
|
fortinet
|
fortiwlc
|
Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.
|
CWE-200
Information Exposure
|
CVE-2016-7561
|
2024-11-21 11:58 |
2016-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266377
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortiwlc
|
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrar…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2016-7560
|
2024-11-21 11:58 |
2016-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266378
|
9.1 |
CRITICAL
Network
|
sap
|
netweaver
|
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with cer…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-7435
|
2024-11-21 11:58 |
2016-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266379
|
4.3 |
MEDIUM
Network
|
drupal
|
drupal
|
The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions an…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-7572
|
2024-11-21 11:58 |
2016-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266380
|
6.1 |
MEDIUM
Network
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.
|
CWE-79
Cross-site Scripting
|
CVE-2016-7571
|
2024-11-21 11:58 |
2016-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
