{"vulnerability": "cve-2016-1074", "sightings": [{"uuid": "d46ddad7-a8d5-4920-a0b2-349c90e35f27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10743", "type": "seen", "source": "https://t.me/VulnerabilityNews/12805", "content": "hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.\nPublished at: February 28, 2020 at 04:15PM\nView on website", "creation_timestamp": "2020-02-28T19:20:18.000000Z"}, {"uuid": "c0ae6656-2927-4820-9a38-21caecaf7971", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10746", "type": "seen", "source": "https://t.me/cibsecurity/3810", "content": "ATENTION\u203c New - CVE-2016-10746\n\nlibvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-04-18T20:29:04.000000Z"}, {"uuid": "096b0eb0-5008-4156-bf65-9be30ca338d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10749", "type": "seen", "source": "https://t.me/cibsecurity/3992", "content": "ATENTION\u203c New - CVE-2016-10749\n\nparse_string in cJSON.c in cJSON before 2016-10-02 has a buffer over-read, as demonstrated by a string that begins with a \" character and ends with a \\ character.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-04-29T18:27:18.000000Z"}, {"uuid": 
"70046f91-1717-44d6-afc6-cb2066ab5ba8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10743", "type": "seen", "source": "https://t.me/cibsecurity/10175", "content": "ATENTION\u203c New - CVE-2019-10064\n\nhostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-02-28T18:33:05.000000Z"}, {"uuid": "b97f07ee-ad76-421b-ac8d-5343f8d5777a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10742", "type": "seen", "source": "https://t.me/cibsecurity/2599", "content": "ATENTION\u203c New - CVE-2016-10742\n\nZabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-02-17T18:28:20.000000Z"}, {"uuid": "16537f2d-c553-4605-8431-67fc2db80c5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10740", "type": "seen", "source": "https://t.me/cibsecurity/2277", "content": "ATENTION\u203c New - CVE-2016-10740\n\nVarious resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-01-29T07:22:20.000000Z"}, {"uuid": "84cef6d8-ac47-4950-8c7a-db9cd8db4462", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10741", "type": "seen", "source": "https://t.me/cibsecurity/2357", "content": "ATENTION\u203c New - CVE-2016-10741\n\nIn the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-02-01T18:34:13.000000Z"}, {"uuid": "08b54ad6-1b88-4a70-a8e4-e7447f575c27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10743", "type": "seen", "source": "https://t.me/cibsecurity/3307", "content": "ATENTION\u203c New - CVE-2016-10743\n\nhostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-03-23T21:29:06.000000Z"}, {"uuid": "12745c0e-aa8d-4033-9182-8409d4ecf37b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10744", "type": "seen", "source": "https://t.me/cibsecurity/3376", "content": "ATENTION\u203c New - CVE-2016-10744\n\nIn Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-03-27T08:12:18.000000Z"}, {"uuid": "80fbbf32-dc67-4eee-9ab9-9ac7fe0709bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10745", "type": "seen", "source": "https://t.me/cibsecurity/3578", "content": "ATENTION\u203c New - CVE-2016-10745\n\nIn Pallets Jinja before 2.8.1, str.format allows a sandbox escape.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-04-08T16:31:29.000000Z"}]}