Show filters
201 Total Results
Displaying 111-120 of 201
Sort by:
Attacker Value
Unknown

CVE-2016-3630

Disclosure Date: April 13, 2016 (last updated November 25, 2024)
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records.
Attacker Value
Unknown

CVE-2016-3069

Disclosure Date: April 13, 2016 (last updated November 25, 2024)
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
0
Attacker Value
Unknown

CVE-2016-2166

Disclosure Date: April 12, 2016 (last updated November 08, 2023)
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
0
Attacker Value
Unknown

CVE-2016-2216

Disclosure Date: April 07, 2016 (last updated November 25, 2024)
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.
0
Attacker Value
Unknown

CVE-2016-0729

Disclosure Date: April 07, 2016 (last updated November 25, 2024)
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.
0
Attacker Value
Unknown

CVE-2016-2086

Disclosure Date: April 07, 2016 (last updated November 25, 2024)
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
0
Attacker Value
Unknown

CVE-2016-3125

Disclosure Date: April 05, 2016 (last updated November 25, 2024)
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
0
Attacker Value
Unknown

CVE-2016-1285

Disclosure Date: March 09, 2016 (last updated December 01, 2023)
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
Attacker Value
Unknown

CVE-2016-1286

Disclosure Date: March 09, 2016 (last updated December 01, 2023)
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
Attacker Value
Unknown

CVE-2016-2316

Disclosure Date: February 22, 2016 (last updated November 25, 2024)
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.
0