|
268441
|
8.8 |
HIGH
Network
|
adobe
|
flash_player_desktop_runtime
flash_player
|
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary…
|
CWE-416
Use After Free
|
CVE-2016-7020
|
2024-11-21 11:57 |
2016-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268442
|
9.8 |
CRITICAL
Network
|
qemu
debian
|
qemu
debian_linux
|
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
|
CWE-787
Out-of-bounds Write
|
CVE-2016-7161
|
2024-11-21 11:57 |
2016-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268443
|
7.5 |
HIGH
Network
|
opensuse
haxx
|
leap
libcurl
|
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse o…
|
CWE-287
Improper Authentication
|
CVE-2016-7141
|
2024-11-21 11:57 |
2016-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268444
|
5.9 |
MEDIUM
Network
|
redhat
|
jboss_enterprise_application_platform
|
Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via…
|
CWE-399
Resource Management Errors
|
CVE-2016-7046
|
2024-11-21 11:57 |
2016-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268445
|
6.5 |
MEDIUM
Network
|
libgd
opensuse
|
libgd
leap
opensuse
|
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-6905
|
2024-11-21 11:57 |
2016-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268446
|
9.8 |
CRITICAL
Network
|
adodb_project
fedoraproject
|
adodb
fedora
|
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
|
CWE-89
SQL Injection
|
CVE-2016-7405
|
2024-11-21 11:57 |
2016-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268447
|
7.5 |
HIGH
Network
|
canonical
djangoproject
debian
|
ubuntu_linux
django
debian_linux
|
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting …
|
CWE-254
7PK - Security Features
|
CVE-2016-7401
|
2024-11-21 11:57 |
2016-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268448
|
7.5 |
HIGH
Network
|
redhat
ceph_project
|
ceph_storage
ceph
|
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.
|
CWE-200
CWE-254
Information Exposure
7PK - Security Features
|
CVE-2016-7031
|
2024-11-21 11:57 |
2016-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268449
|
4.4 |
MEDIUM
Local
|
sophos
|
unified_threat_management_software
|
The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in t…
|
CWE-200
Information Exposure
|
CVE-2016-7397
|
2024-11-21 11:57 |
2016-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268450
|
4.0 |
MEDIUM
Network
|
siemens
|
scalance_m-800_firmware
scalance_s615_firmware
|
The integrated web server on Siemens SCALANCE M-800 and S615 modules with firmware before 4.02 does not set the secure flag for the session cookie in an https session, which makes it easier for remot…
|
CWE-200
Information Exposure
|
CVE-2016-7090
|
2024-11-21 11:57 |
2016-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
