|
265191
|
8.8 |
HIGH
Network
|
wso2
|
identity_server
|
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that proc…
|
CWE-352
Origin Validation Error
|
CVE-2016-4311
|
2024-11-21 11:51 |
2017-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265192
|
7.5 |
HIGH
Network
|
cryptopp
|
crypto\+\+
|
The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows atta…
|
CWE-200
Information Exposure
|
CVE-2016-3995
|
2024-11-21 11:51 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265193
|
7.5 |
HIGH
Network
|
netapp
|
clustered_data_ontap
|
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2016-4341
|
2024-11-21 11:51 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265194
|
5.5 |
MEDIUM
Local
|
libavformat_project
|
libavformat
|
Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-4352
|
2024-11-21 11:51 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265195
|
7.8 |
HIGH
Local
|
samsung
|
samsung_mobile
|
Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L …
|
CWE-20
Improper Input Validation
|
CVE-2016-4038
|
2024-11-21 11:51 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265196
|
5.5 |
MEDIUM
Local
|
samsung
|
knox
|
ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.
|
CWE-200
Information Exposure
|
CVE-2016-3996
|
2024-11-21 11:51 |
2017-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265197
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-4340
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265198
|
8.1 |
HIGH
Network
|
zabbix
|
zabbix
|
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, all…
|
CWE-89
SQL Injection
|
CVE-2016-4338
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265199
|
6.1 |
MEDIUM
Network
|
typo3
|
typo3
|
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a …
|
CWE-79
Cross-site Scripting
|
CVE-2016-4056
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265200
|
6.5 |
MEDIUM
Network
|
momentjs
tenable
oracle
|
moment
nessus
primavera_unifier
|
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Ser…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-4055
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
