|
264541
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-9644
|
2024-11-21 12:01 |
2016-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264542
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-…
|
CWE-125
Out-of-bounds Read
|
CVE-2016-9555
|
2024-11-21 12:01 |
2016-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264543
|
6.5 |
MEDIUM
Network
|
drupal
|
drupal
|
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.
|
CWE-20
Improper Input Validation
|
CVE-2016-9452
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264544
|
6.8 |
MEDIUM
Network
|
drupal
|
drupal
|
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
|
CWE-601
Open Redirect
|
CVE-2016-9451
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264545
|
7.5 |
HIGH
Network
|
drupal
|
drupal
|
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2016-9450
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264546
|
4.3 |
MEDIUM
Network
|
drupal
|
drupal
|
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of acc…
|
CWE-200
Information Exposure
|
CVE-2016-9449
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264547
|
5.5 |
MEDIUM
Local
|
samsung
|
samsung_mobile
|
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exp…
|
CWE-200
Information Exposure
|
CVE-2016-9567
|
2024-11-21 12:01 |
2016-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264548
|
7.5 |
HIGH
Network
|
sap
|
netweaver_application_server_java
|
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP …
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-9562
|
2024-11-21 12:01 |
2016-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264549
|
9.8 |
CRITICAL
Network
|
libtiff
|
libtiff
|
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
|
CWE-119
CWE-787
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Write
|
CVE-2016-9540
|
2024-11-21 12:01 |
2016-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264550
|
9.8 |
CRITICAL
Network
|
libtiff
|
libtiff
|
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2016-9539
|
2024-11-21 12:01 |
2016-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
