| 267501 | 7.5 | HIGH Network | call-cc | http-client | The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable… | CWE-19 Data Processing Errors | CVE-2016-6286 | 2024-11-21 11:55 | 2017-01-11 |
| 267502 | 4.7 | MEDIUM Local | linux | linux_kernel | fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock)… | CWE-400 Uncontrolled Resource Consumption | CVE-2016-6213 | 2024-11-21 11:55 | 2016-12-28 |
| 267503 | 8.8 | HIGH Network | python-openxml_project | python-docx | python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. | CWE-611 XXE | CVE-2016-5851 | 2024-11-21 11:55 | 2016-12-22 |
| 267504 | 5.3 | MEDIUM Network | gnupg debian canonical | libgcrypt debian_linux ubuntu_linux gnupg | The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of … | CWE-200 Information Exposure | CVE-2016-6313 | 2024-11-21 11:55 | 2016-12-14 |
| 267505 | 7.5 | HIGH Network | imagemagick oracle | imagemagick solaris | MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. | CWE-125 Out-of-bounds Read | CVE-2016-5842 | 2024-11-21 11:55 | 2016-12-14 |
| 267506 | 9.8 | CRITICAL Network | imagemagick oracle | imagemagick solaris | Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involvi… | CWE-190 Integer Overflow or Wraparound | CVE-2016-5841 | 2024-11-21 11:55 | 2016-12-14 |
| 267507 | 7.5 | HIGH Network | gnu | tar | Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files v… | CWE-22 Path Traversal | CVE-2016-6321 | 2024-11-21 11:55 | 2016-12-10 |
| 267508 | 7.5 | HIGH Network | busybox | busybox | The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a… | CWE-399 Resource Management Errors | CVE-2016-6301 | 2024-11-21 11:55 | 2016-12-10 |
| 267509 | 5.3 | MEDIUM Network | ibm | maximo_asset_management | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers … | CWE-20 Improper Input Validation | CVE-2016-5987 | 2024-11-21 11:55 | 2016-11-30 |
| 267510 | 5.4 | MEDIUM Network | ibm | maximo_asset_management | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via… | CWE-79 Cross-site Scripting | CVE-2016-5905 | 2024-11-21 11:55 | 2016-11-30 |