|
267961
|
5.4 |
MEDIUM
Network
|
redhat
openstack
|
openstack
manila
|
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in t…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6519
|
2024-11-21 11:56 |
2017-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267962
|
9.8 |
CRITICAL
Network
|
google
|
android
|
The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-6727
|
2024-11-21 11:56 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267963
|
9.8 |
CRITICAL
Network
|
google
|
android
|
Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices.
|
NVD-CWE-noinfo
|
CVE-2016-6726
|
2024-11-21 11:56 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267964
|
7.5 |
HIGH
Network
|
redhat
canonical
nettle_project
|
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node
ubuntu_linux
nettle
|
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2016-6489
|
2024-11-21 11:56 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267965
|
9.8 |
CRITICAL
Network
|
sap
|
business_intelligence_platform
|
SQL injection vulnerability in SAP Business Intelligence platform before January 2017 allows remote attackers to obtain sensitive information, modify data, cause a denial of service (data deletion), …
|
CWE-89
SQL Injection
|
CVE-2016-6818
|
2024-11-21 11:56 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267966
|
9.8 |
CRITICAL
Network
|
apache
|
tomcat_jk_connector
|
Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-6808
|
2024-11-21 11:56 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267967
|
8.8 |
HIGH
Network
|
apache
|
hadoop
|
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-6811
|
2024-11-21 11:56 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267968
|
7.5 |
HIGH
Network
|
cloudera
|
cdh
|
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.
|
CWE-284
Improper Access Control
|
CVE-2016-6605
|
2024-11-21 11:56 |
2017-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267969
|
7.5 |
HIGH
Network
|
opmantek
|
network_management_information_system
|
Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.
|
CWE-77
Command Injection
|
CVE-2016-6534
|
2024-11-21 11:56 |
2017-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267970
|
5.9 |
MEDIUM
Network
|
apache
|
ignite
|
Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.
|
CWE-611
XXE
|
CVE-2016-6805
|
2024-11-21 11:56 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
