|
266821
|
6.1 |
MEDIUM
Network
|
sophos
|
unified_threat_management_software
|
Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2016-2046
|
2024-11-21 11:47 |
2016-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266822
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
|
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site tha…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-1949
|
2024-11-21 11:47 |
2016-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266823
|
6.5 |
MEDIUM
Network
|
xmlsoft
debian
canonical
|
libxml2
debian_linux
ubuntu_linux
|
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-2073
|
2024-11-21 11:47 |
2016-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266824
|
9.8 |
CRITICAL
Network
|
hp
|
continuous_delivery_automation
|
HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
|
CWE-94
Code Injection
|
CVE-2016-1986
|
2024-11-21 11:47 |
2016-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266825
|
3.3 |
LOW
Local
|
libdwarf_project
|
libdwarf
|
The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-2091
|
2024-11-21 11:47 |
2016-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266826
|
6.5 |
MEDIUM
Network
|
jasper_project
|
jasper
|
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
|
CWE-20
Improper Input Validation
|
CVE-2016-2089
|
2024-11-21 11:47 |
2016-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266827
|
5.5 |
MEDIUM
Network
|
djangoproject
|
django
|
Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option …
|
CWE-284
Improper Access Control
|
CVE-2016-2048
|
2024-11-21 11:47 |
2016-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266828
|
9.8 |
CRITICAL
Network
|
kubernetes
|
kubernetes
|
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-1906
|
2024-11-21 11:47 |
2016-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266829
|
7.7 |
HIGH
Network
|
kubernetes
|
kubernetes
|
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
|
CWE-284
Improper Access Control
|
CVE-2016-1905
|
2024-11-21 11:47 |
2016-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266830
|
8.8 |
HIGH
Network
|
janrain
|
php-openid
|
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might a…
|
CWE-284
Improper Access Control
|
CVE-2016-2049
|
2024-11-21 11:47 |
2016-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
