|
266601
|
5.5 |
MEDIUM
Local
|
realnetworks
|
realplayer
|
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-9018
|
2024-11-21 12:00 |
2016-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266602
|
7.5 |
HIGH
Network
|
artifex
|
mujs
|
Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approac…
|
CWE-200
CWE-125
Information Exposure
Out-of-bounds Read
|
CVE-2016-9017
|
2024-11-21 12:00 |
2016-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266603
|
6.2 |
MEDIUM
Local
|
bitcoin_knots_project
|
bitcoin_knots
|
In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in…
|
CWE-310
CWE-200
Cryptographic Issues
Information Exposure
|
CVE-2016-8889
|
2024-11-21 12:00 |
2016-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266604
|
6.2 |
MEDIUM
Local
|
botan_project
|
botan
|
In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side chan…
|
CWE-200
Information Exposure
|
CVE-2016-8871
|
2024-11-21 12:00 |
2016-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266605
|
7.5 |
HIGH
Network
|
docker
|
docker
|
Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or m…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8867
|
2024-11-21 12:00 |
2016-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266606
|
6.1 |
MEDIUM
Network
|
hp
|
airwave
|
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting …
|
CWE-79
Cross-site Scripting
|
CVE-2016-8527
|
2024-11-21 11:59 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266607
|
8.8 |
HIGH
Network
|
hp
|
airwave
|
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If…
|
CWE-611
XXE
|
CVE-2016-8526
|
2024-11-21 11:59 |
2018-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266608
|
9.1 |
CRITICAL
Network
|
pycsw
|
pycsw
|
A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to…
|
CWE-89
SQL Injection
|
CVE-2016-8640
|
2024-11-21 11:59 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266609
|
8.1 |
HIGH
Network
|
redhat
|
keycloak
|
It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session…
|
CWE-287
Improper Authentication
|
CVE-2016-8609
|
2024-11-21 11:59 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266610
|
7.8 |
HIGH
Local
|
jasper_project
redhat
debian
|
jasper
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
debian_linux
enterprise_linux_server_aus
enterprise_linux_server_eus
|
A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-8654
|
2024-11-21 11:59 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
