|
268941
|
8.6 |
HIGH
Network
|
fasterxml
|
jackson-dataformat-xml
|
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via ve…
|
CWE-611 CWE-918
XXE Server-Side Request Forgery (SSRF)
|
CVE-2016-7051
|
2024-11-21 11:57 |
2017-04-15 |
|
268942
|
7.0 |
HIGH
Local
|
todd_miller
|
sudo
|
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.
|
CWE-284
Improper Access Control
|
CVE-2016-7032
|
2024-11-21 11:57 |
2017-04-15 |
|
268943
|
7.5 |
HIGH
Network
|
botan_project
|
botan
|
The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.
|
CWE-320
Key Management Errors
|
CVE-2016-6879
|
2024-11-21 11:57 |
2017-04-11 |
|
268944
|
9.8 |
CRITICAL
Network
|
botan_project
|
botan
|
The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstra…
|
CWE-20
Improper Input Validation
|
CVE-2016-6878
|
2024-11-21 11:57 |
2017-04-11 |
|
268945
|
6.1 |
MEDIUM
Network
|
jqueryui oracle fedoraproject netapp redhat juniper debian
|
jquery_ui weblogic_server business_intelligence hospitality_cruise_fleet_management application_express primavera_unifier siebel_ui_framework oss_support_tools fedora snapc…
|
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
|
CWE-79
Cross-site Scripting
|
CVE-2016-7103
|
2024-11-21 11:57 |
2017-03-16 |
|
268946
|
5.5 |
MEDIUM
Local
|
libgd
|
libgd
|
The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related t…
|
CWE-125
Out-of-bounds Read
|
CVE-2016-6906
|
2024-11-21 11:57 |
2017-03-15 |
|
268947
|
6.1 |
MEDIUM
Network
|
plone
|
plone
|
Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2016-7140
|
2024-11-21 11:57 |
2017-03-08 |
|
268948
|
6.1 |
MEDIUM
Network
|
plone
|
plone
|
Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web sc…
|
CWE-79
Cross-site Scripting
|
CVE-2016-7139
|
2024-11-21 11:57 |
2017-03-08 |
|
268949
|
6.1 |
MEDIUM
Network
|
plone
|
plone
|
Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2016-7138
|
2024-11-21 11:57 |
2017-03-08 |
|
268950
|
6.1 |
MEDIUM
Network
|
plone
|
plone
|
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing…
|
CWE-601
Open Redirect
|
CVE-2016-7137
|
2024-11-21 11:57 |
2017-03-08 |
|