|
265831
|
6.1 |
MEDIUM
Network
|
apostrophecms
|
sanitize-html
|
sanitize-html before 1.4.3 has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2016-1000237
|
2024-11-21 11:43 |
2020-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265832
|
6.1 |
MEDIUM
Network
|
smartbear
redhat
|
swagger-ui
openshift
jboss_fuse
|
swagger-ui has XSS in key names
|
CWE-79
Cross-site Scripting
|
CVE-2016-1000229
|
2024-11-21 11:43 |
2019-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265833
|
4.4 |
MEDIUM
Network
|
cookie-signature_project
debian
|
cookie-signature
debian_linux
|
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
|
CWE-362
Race Condition
|
CVE-2016-1000236
|
2024-11-21 11:43 |
2019-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265834
|
6.1 |
MEDIUM
Network
|
doxygen
|
doxygen
|
Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10245
|
2024-11-21 11:43 |
2019-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265835
|
9.8 |
CRITICAL
Network
|
haraka_project
|
haraka
|
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection.
|
CWE-77
Command Injection
|
CVE-2016-1000282
|
2024-11-21 11:43 |
2019-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265836
|
9.8 |
CRITICAL
Network
|
dthdevelopment
|
dt_register
|
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack app…
|
CWE-89
SQL Injection
|
CVE-2016-1000271
|
2024-11-21 11:43 |
2019-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265837
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-10403
|
2024-11-21 11:43 |
2019-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265838
|
5.3 |
MEDIUM
Network
|
salesforce
ibm
redhat
|
tough-cookie
api_connect
openshift_container_platform
|
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable …
|
CWE-20
Improper Input Validation
|
CVE-2016-1000232
|
2024-11-21 11:43 |
2018-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265839
|
7.4 |
HIGH
Network
|
bouncycastle
|
legion-of-the-bouncy-castle-java-crytography-api
|
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
|
CWE-310
Cryptographic Issues
|
CVE-2016-1000352
|
2024-11-21 11:43 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265840
|
3.7 |
LOW
Network
|
bouncycastle
debian
|
legion-of-the-bouncy-castle-java-crytography-api
debian_linux
|
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other pa…
|
CWE-320
Key Management Errors
|
CVE-2016-1000346
|
2024-11-21 11:43 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
