|
265081
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-…
|
CWE-125
Out-of-bounds Read
|
CVE-2016-9555
|
2024-11-21 12:01 |
2016-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265082
|
6.5 |
MEDIUM
Network
|
drupal
|
drupal
|
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.
|
CWE-20
Improper Input Validation
|
CVE-2016-9452
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265083
|
6.8 |
MEDIUM
Network
|
drupal
|
drupal
|
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
|
CWE-601
Open Redirect
|
CVE-2016-9451
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265084
|
7.5 |
HIGH
Network
|
drupal
|
drupal
|
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2016-9450
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265085
|
4.3 |
MEDIUM
Network
|
drupal
|
drupal
|
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of acc…
|
CWE-200
Information Exposure
|
CVE-2016-9449
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265086
|
5.5 |
MEDIUM
Local
|
samsung
|
samsung_mobile
|
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exp…
|
CWE-200
Information Exposure
|
CVE-2016-9567
|
2024-11-21 12:01 |
2016-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265087
|
7.5 |
HIGH
Network
|
sap
|
netweaver_application_server_java
|
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP …
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-9562
|
2024-11-21 12:01 |
2016-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265088
|
9.8 |
CRITICAL
Network
|
libtiff
|
libtiff
|
tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka "cpStripToTile heap-buffer-overflow."
|
CWE-119
CWE-787
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Write
|
CVE-2016-9540
|
2024-11-21 12:01 |
2016-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265089
|
9.8 |
CRITICAL
Network
|
libtiff
|
libtiff
|
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2016-9539
|
2024-11-21 12:01 |
2016-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265090
|
9.8 |
CRITICAL
Network
|
libtiff
|
libtiff
|
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow. Reported as MSVR 35100.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-9538
|
2024-11-21 12:01 |
2016-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
