|
268651
|
5.5 |
MEDIUM
Local
|
mini-xml_project
debian
|
mini-xml
debian_linux
|
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-4571
|
2024-11-21 11:52 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268652
|
5.5 |
MEDIUM
Local
|
mini-xml_project
debian
|
mini-xml
debian_linux
|
The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-4570
|
2024-11-21 11:52 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268653
|
7.5 |
HIGH
Network
|
cakephp
|
cakephp
|
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
|
CWE-20
Improper Input Validation
|
CVE-2016-4793
|
2024-11-21 11:52 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268654
|
6.8 |
MEDIUM
Physics
|
cryptsetup_project
|
cryptsetup
|
The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.
|
CWE-287
Improper Authentication
|
CVE-2016-4484
|
2024-11-21 11:52 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268655
|
6.1 |
MEDIUM
Network
|
roundcube
|
webmail
|
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4552
|
2024-11-21 11:52 |
2016-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268656
|
5.5 |
MEDIUM
Local
|
redhat
|
enterprise_virtualization
|
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2016-4443
|
2024-11-21 11:52 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268657
|
4.4 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the u…
|
CWE-254
7PK - Security Features
|
CVE-2016-4412
|
2024-11-21 11:52 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268658
|
7.5 |
HIGH
Network
|
hp
|
system_management_homepage
|
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4396
|
2024-11-21 11:52 |
2016-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268659
|
7.5 |
HIGH
Network
|
hp
|
system_management_homepage
|
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4395
|
2024-11-21 11:52 |
2016-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268660
|
6.5 |
MEDIUM
Network
|
hp
|
system_management_homepage
|
HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue.
|
CWE-254
7PK - Security Features
|
CVE-2016-4394
|
2024-11-21 11:52 |
2016-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
