|
268411
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information vi…
|
CWE-200
Information Exposure
|
CVE-2016-6335
|
2024-11-21 11:55 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268412
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6334
|
2024-11-21 11:55 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268413
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrar…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6333
|
2024-11-21 11:55 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268414
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to ter…
|
CWE-200
Information Exposure
|
CVE-2016-6332
|
2024-11-21 11:55 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268415
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.
|
CWE-284
Improper Access Control
|
CVE-2016-6331
|
2024-11-21 11:55 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268416
|
7.8 |
HIGH
Local
|
fedoraproject
mock_project
|
fedora
scm_plugin
|
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-6299
|
2024-11-21 11:55 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268417
|
9.8 |
CRITICAL
Network
|
sap
|
hana
|
SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806.
|
CWE-284
Improper Access Control
|
CVE-2016-6143
|
2024-11-21 11:55 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268418
|
6.1 |
MEDIUM
Network
|
redhat
|
resteasy
|
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
|
CWE-79
Cross-site Scripting
|
CVE-2016-6348
|
2024-11-21 11:55 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268419
|
7.0 |
HIGH
Local
|
linux
google
|
linux_kernel
android
|
Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-5856
|
2024-11-21 11:55 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268420
|
8.8 |
HIGH
Network
|
ibm
|
disposal_and_governance_management_for_it
global_retention_policy_and_schedule_management
|
IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which cou…
|
CWE-352
Origin Validation Error
|
CVE-2016-6100
|
2024-11-21 11:55 |
2017-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
