|
265651
|
7.5 |
HIGH
Network
|
wso2
|
identity_server
|
XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to …
|
CWE-611
XXE
|
CVE-2016-4312
|
2024-11-21 11:51 |
2017-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265652
|
8.8 |
HIGH
Network
|
wso2
|
identity_server
|
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that proc…
|
CWE-352
Origin Validation Error
|
CVE-2016-4311
|
2024-11-21 11:51 |
2017-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265653
|
7.5 |
HIGH
Network
|
cryptopp
|
crypto\+\+
|
The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows atta…
|
CWE-200
Information Exposure
|
CVE-2016-3995
|
2024-11-21 11:51 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265654
|
7.5 |
HIGH
Network
|
netapp
|
clustered_data_ontap
|
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2016-4341
|
2024-11-21 11:51 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265655
|
5.5 |
MEDIUM
Local
|
libavformat_project
|
libavformat
|
Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-4352
|
2024-11-21 11:51 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265656
|
7.8 |
HIGH
Local
|
samsung
|
samsung_mobile
|
Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L …
|
CWE-20
Improper Input Validation
|
CVE-2016-4038
|
2024-11-21 11:51 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265657
|
5.5 |
MEDIUM
Local
|
samsung
|
knox
|
ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.
|
CWE-200
Information Exposure
|
CVE-2016-3996
|
2024-11-21 11:51 |
2017-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265658
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-4340
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265659
|
8.1 |
HIGH
Network
|
zabbix
|
zabbix
|
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, all…
|
CWE-89
SQL Injection
|
CVE-2016-4338
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265660
|
6.1 |
MEDIUM
Network
|
typo3
|
typo3
|
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a …
|
CWE-79
Cross-site Scripting
|
CVE-2016-4056
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
