|
267371
|
9.8 |
CRITICAL
Network
|
kubernetes
|
kubernetes
|
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-1906
|
2024-11-21 11:47 |
2016-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267372
|
7.7 |
HIGH
Network
|
kubernetes
|
kubernetes
|
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
|
CWE-284
Improper Access Control
|
CVE-2016-1905
|
2024-11-21 11:47 |
2016-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267373
|
8.8 |
HIGH
Network
|
janrain
|
php-openid
|
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might a…
|
CWE-284
Improper Access Control
|
CVE-2016-2049
|
2024-11-21 11:47 |
2016-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267374
|
5.3 |
MEDIUM
Network
|
google
mozilla
|
android
firefox
|
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modi…
|
CWE-310
Cryptographic Issues
|
CVE-2016-1948
|
2024-11-21 11:47 |
2016-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267375
|
4.7 |
MEDIUM
Network
|
canonical
opensuse
mozilla
|
ubuntu_linux
leap
opensuse
firefox
|
Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of re…
|
CWE-19
Data Processing Errors
|
CVE-2016-1947
|
2024-11-21 11:47 |
2016-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267376
|
9.8 |
CRITICAL
Network
|
opensuse
mozilla
|
leap
opensuse
firefox
|
The MoofParser::Metadata function in binding/MoofParser.cpp in libstagefright in Mozilla Firefox before 44.0 does not limit the size of read operations, which might allow remote attackers to cause a …
|
CWE-119
CWE-189
Incorrect Access of Indexable Resource ('Range Error')
Numeric Errors
|
CVE-2016-1946
|
2024-11-21 11:47 |
2016-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267377
|
8.8 |
HIGH
Network
|
mozilla
opensuse
|
firefox
leap
opensuse
|
The nsZipArchive function in Mozilla Firefox before 44.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect use of a pointer d…
|
NVD-CWE-noinfo
|
CVE-2016-1945
|
2024-11-21 11:47 |
2016-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267378
|
9.8 |
CRITICAL
Network
|
mozilla
opensuse
|
firefox
leap
opensuse
|
The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-1944
|
2024-11-21 11:47 |
2016-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267379
|
4.7 |
MEDIUM
Network
|
opensuse
mozilla
google
|
leap
opensuse
firefox
android
|
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
|
CWE-17
Code
|
CVE-2016-1943
|
2024-11-21 11:47 |
2016-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267380
|
7.4 |
HIGH
Network
|
opensuse
mozilla
|
leap
opensuse
firefox
|
Mozilla Firefox before 44.0 allows user-assisted remote attackers to spoof a trailing substring in the address bar by leveraging a user's paste of a (1) wyciwyg: URI or (2) resource: URI.
|
CWE-20
Improper Input Validation
|
CVE-2016-1942
|
2024-11-21 11:47 |
2016-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
