Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-9891 |
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title). Published: December 29, 2016; 1:59:00 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-10081 |
/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action. Published: December 29, 2016; 1:59:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2015-0854 |
App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action. Published: December 29, 2016; 1:59:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-9878 |
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-9877 |
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-7463 |
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-7462 |
The Suite REST API in VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to write arbitrary content to files or rename files via a crafted DiskFileItem in a relay-request payload that is mishandled during deserialization. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 8.5 HIGH V2.0: 7.5 HIGH |
CVE-2016-7461 |
The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x before 12.5.2 and VMware Workstation Player 12.x before 12.5.2 and VMware Fusion and Fusion Pro 8.x before 8.5.2 allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (out-of-bounds memory access on the host OS) via unspecified vectors. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 8.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-7460 |
The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2016-7459 |
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 7.7 HIGH V2.0: 4.0 MEDIUM |
CVE-2016-7458 |
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 5.8 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-7457 |
VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 10.0 CRITICAL V2.0: 8.0 HIGH |
CVE-2016-7456 |
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2016-7087 |
Directory traversal vulnerability in the Connection Server in VMware Horizon View 5.x before 5.3.7, 6.x before 6.2.3, and 7.x before 7.0.1 allows remote attackers to obtain sensitive information via unspecified vectors. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-7086 |
The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-7085 |
Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2016-7084 |
tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 7.8 HIGH V2.0: 6.9 MEDIUM |
CVE-2016-7083 |
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 7.8 HIGH V2.0: 5.9 MEDIUM |
CVE-2016-7082 |
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via an EMF file. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 7.8 HIGH V2.0: 5.9 MEDIUM |
CVE-2016-7081 |
Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. Published: December 29, 2016; 4:59:00 AM -0500 |
V3.0: 7.8 HIGH V2.0: 6.9 MEDIUM |