|
268431
|
9.8 |
CRITICAL
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful au…
|
CWE-384
Session Fixation
|
CVE-2016-9125
|
2024-11-21 12:00 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268432
|
9.8 |
CRITICAL
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown …
|
CWE-287
Improper Authentication
|
CVE-2016-9124
|
2024-11-21 12:00 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268433
|
7.5 |
HIGH
Network
|
go-jose_project
|
go-jose
|
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectur…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-9123
|
2024-11-21 12:00 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268434
|
7.5 |
HIGH
Network
|
go-jose_project
|
go-jose
|
go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate …
|
CWE-284
Improper Access Control
|
CVE-2016-9122
|
2024-11-21 12:00 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268435
|
9.1 |
CRITICAL
Network
|
go-jose_project
|
go-jose
|
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received pu…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2016-9121
|
2024-11-21 12:00 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268436
|
8.8 |
HIGH
Network
|
ibm
|
cognos_business_intelligence
|
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie valu…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8960
|
2024-11-21 12:00 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268437
|
7.5 |
HIGH
Network
|
f5
|
big-ip_local_traffic_manager
big-ip_application_acceleration_manager
big-ip_advanced_firewall_manager
big-ip_analytics
big-ip_access_policy_manager
big-ip_application_security_manager<…
|
The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF3, 11.6.x before 11.6.1 HF2 and 12.x before 12.1.2 does not properly handle minimum path MTU options for IPv6, which allows remot…
|
CWE-19
Data Processing Errors
|
CVE-2016-9252
|
2024-11-21 12:00 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268438
|
7.5 |
HIGH
Network
|
cryptography.io
fedoraproject
canonical
|
cryptography
fedora
ubuntu_linux
|
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
|
NVD-CWE-noinfo
|
CVE-2016-9243
|
2024-11-21 12:00 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268439
|
7.5 |
HIGH
Network
|
libdwarf_project
|
libdwarf
|
The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
|
CWE-125
Out-of-bounds Read
|
CVE-2016-9276
|
2024-11-21 12:00 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268440
|
7.5 |
HIGH
Network
|
libdwarf_project
|
libdwarf
|
Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
|
CWE-787
Out-of-bounds Write
|
CVE-2016-9275
|
2024-11-21 12:00 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
