Max CVSS | 6.8 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-8971 | 4.6 |
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
|
24-02-2020 - 19:44 | 23-01-2017 - 21:59 | |
CVE-2003-0615 | 4.3 |
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
|
03-05-2018 - 01:29 | 27-08-2003 - 04:00 | |
CVE-2016-9376 | 4.3 |
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length valu
|
28-07-2017 - 01:29 | 17-11-2016 - 05:59 | |
CVE-2016-9373 | 4.3 |
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss
|
28-07-2017 - 01:29 | 17-11-2016 - 05:59 | |
CVE-2016-9374 | 4.3 |
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable prope
|
28-07-2017 - 01:29 | 17-11-2016 - 05:59 | |
CVE-2016-9375 | 4.3 |
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
|
28-07-2017 - 01:29 | 17-11-2016 - 05:59 | |
CVE-2016-9190 | 6.8 |
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
|
01-07-2017 - 01:30 | 04-11-2016 - 10:59 | |
CVE-2016-9189 | 4.3 |
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
|
01-07-2017 - 01:30 | 04-11-2016 - 10:59 | |
CVE-2016-9119 | 4.3 |
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
03-02-2017 - 15:59 | 30-01-2017 - 22:59 | |
CVE-2016-7148 | 4.3 |
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
|
01-02-2017 - 02:59 | 10-11-2016 - 17:59 | |
CVE-2016-7146 | 4.3 |
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) co
|
01-02-2017 - 02:59 | 10-11-2016 - 17:59 | |
CVE-2016-9451 | 4.9 |
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
|
07-01-2017 - 03:00 | 25-11-2016 - 18:59 | |
CVE-2016-9449 | 4.0 |
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
|
07-01-2017 - 03:00 | 25-11-2016 - 18:59 |