|
272381
|
4.5 |
MEDIUM
Network
|
gajim
|
gajim
|
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypte…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10376
|
2024-11-21 11:43 |
2017-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272382
|
9.8 |
CRITICAL
Network
|
yodl_project
|
yodl
|
Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10375
|
2024-11-21 11:43 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272383
|
7.5 |
HIGH
Network
|
vanillaforums
|
vanilla
|
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a cr…
|
CWE-200
Information Exposure
|
CVE-2016-10073
|
2024-11-21 11:43 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272384
|
5.5 |
MEDIUM
Local
|
perltidy_project
|
perltidy
|
perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protect…
|
CWE-59
Link Following
|
CVE-2016-10374
|
2024-11-21 11:43 |
2017-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272385
|
9.8 |
CRITICAL
Network
|
eir
|
d1000_modem_firmware
|
The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10372
|
2024-11-21 11:43 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272386
|
7.0 |
HIGH
Local
|
google
|
android
|
A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel.
|
CWE-362
Race Condition
|
CVE-2016-10242
|
2024-11-21 11:43 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272387
|
7.8 |
HIGH
Local
|
google
|
android
|
In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a …
|
CWE-119
CWE-190
Incorrect Access of Indexable Resource ('Range Error')
Integer Overflow or Wraparound
|
CVE-2016-10239
|
2024-11-21 11:43 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272388
|
7.8 |
HIGH
Local
|
google
|
android
|
In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10238
|
2024-11-21 11:43 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272389
|
7.8 |
HIGH
Local
|
google
|
android
|
If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not …
|
CWE-284
Improper Access Control
|
CVE-2016-10237
|
2024-11-21 11:43 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272390
|
7.5 |
HIGH
Network
|
synology
|
photo_station
|
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.
|
CWE-22
Path Traversal
|
CVE-2016-10331
|
2024-11-21 11:43 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
