|
266151
|
6.1 |
MEDIUM
Network
|
doxygen
|
doxygen
|
Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10245
|
2024-11-21 11:43 |
2019-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266152
|
9.8 |
CRITICAL
Network
|
haraka_project
|
haraka
|
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
|
CWE-77
Command Injection
|
CVE-2016-1000282
|
2024-11-21 11:43 |
2019-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266153
|
9.8 |
CRITICAL
Network
|
dthdevelopment
|
dt_register
|
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack app…
|
CWE-89
SQL Injection
|
CVE-2016-1000271
|
2024-11-21 11:43 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266154
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-10403
|
2024-11-21 11:43 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266155
|
5.3 |
MEDIUM
Network
|
salesforce
ibm
redhat
|
tough-cookie
api_connect
openshift_container_platform
|
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable …
|
CWE-20
Improper Input Validation
|
CVE-2016-1000232
|
2024-11-21 11:43 |
2018-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266156
|
7.4 |
HIGH
Network
|
bouncycastle
|
legion-of-the-bouncy-castle-java-crytography-api
|
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
|
CWE-310
Cryptographic Issues
|
CVE-2016-1000352
|
2024-11-21 11:43 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266157
|
3.7 |
LOW
Network
|
bouncycastle
debian
|
legion-of-the-bouncy-castle-java-crytography-api
debian_linux
|
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other pa…
|
CWE-320
Key Management Errors
|
CVE-2016-1000346
|
2024-11-21 11:43 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266158
|
5.9 |
MEDIUM
Network
|
bouncycastle
debian
|
legion-of-the-bouncy-castle-java-crytography-api
debian_linux
|
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed,…
|
CWE-361
7PK - Time and State
|
CVE-2016-1000345
|
2024-11-21 11:43 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266159
|
7.4 |
HIGH
Network
|
bouncycastle
|
legion-of-the-bouncy-castle-java-crytography-api
|
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
|
CWE-310
Cryptographic Issues
|
CVE-2016-1000344
|
2024-11-21 11:43 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266160
|
7.5 |
HIGH
Network
|
bouncycastle
debian
|
legion-of-the-bouncy-castle-java-crytography-api
debian_linux
|
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initial…
|
CWE-310
Cryptographic Issues
|
CVE-2016-1000343
|
2024-11-21 11:43 |
2018-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
