CVE-2016-9554

CVE-2016-9554 affects Sophos Web Appliance (Secure Web Gateway) before version 4.3.1. The vulnerability exists in the web admin interface via MgrDiagnosticTools.php, where diagnostic tests invoke wget and pass user-controlled input in the url parameter to executeCommand, which calls exec() withou...

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

CVE-2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password...

DEBIAN-CVE-2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password...

CVE-2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password...

CVE-2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password...

CVE-2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password...

CVE-2016-4484

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password...

CVE-2016-4484

CVE-2016-4484 affects the Debian cryptsetup initrd script (versions up to 2:1.7.3-2). The root cause is that the initrd script allows physically proximate attackers to gain shell access after many login attempts with invalid passwords. The issue provides a high impact on confidentiality, integrit...

PT-2017-19481

MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programmi...

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user...

Dell iDRAC7 and iDRAC8 Devices Code Injection Vulnerability (Nov 2016)

Dell iDRAC7 and iDRAC8 devices allow authenticated users to gain Bash shell access through a string injection. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

CVE-2016-5685

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection...

CVE-2016-5685

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection...

Sql injection

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection...

CVE-2016-5685

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection...