|
270471
|
7.5 |
HIGH
Network
|
netty
redhat
apache
|
netty
jboss_data_grid
jboss_middleware_text-only_advisories
cassandra
|
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2016-4970
|
2024-11-21 11:53 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270472
|
9.8 |
CRITICAL
Network
|
eclipse
|
jetty
|
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints …
|
CWE-284
Improper Access Control
|
CVE-2016-4800
|
2024-11-21 11:53 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270473
|
6.1 |
MEDIUM
Network
|
webmin
|
usermin
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4897
|
2024-11-21 11:53 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270474
|
6.5 |
MEDIUM
Network
|
setucocms_project
|
setucocms
|
SetsucoCMS all versions does not properly manage sessions, which allows remote attackers to disclose or alter unauthorized information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-4896
|
2024-11-21 11:53 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270475
|
8.8 |
HIGH
Network
|
setucocms_project
|
setucocms
|
SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors.
|
CWE-94
Code Injection
|
CVE-2016-4895
|
2024-11-21 11:53 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270476
|
5.3 |
MEDIUM
Network
|
setucocms_project
|
setucocms
|
SetsucoCMS all versions allows remote attackers to cause a denial of service via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-4894
|
2024-11-21 11:53 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270477
|
8.8 |
HIGH
Network
|
setucocms_project
|
setucocms
|
SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2016-4893
|
2024-11-21 11:53 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270478
|
6.1 |
MEDIUM
Network
|
setucocms_project
|
setucocms
|
Cross-site scripting vulnerability in SetsucoCMS all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4892
|
2024-11-21 11:53 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270479
|
8.8 |
HIGH
Network
|
setucocms_project
|
setucocms
|
Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2016-4891
|
2024-11-21 11:53 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270480
|
7.0 |
HIGH
Local
|
setroubleshoot_project
redhat
|
setroubleshoot
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node
|
setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by…
|
CWE-77
Command Injection
|
CVE-2016-4989
|
2024-11-21 11:53 |
2017-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
