| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-0898 | 5.0 |
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
|
09-09-2021 - 17:33 | 29-03-2018 - 22:29 | |
| CVE-2016-9879 | 5.0 |
An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "
|
08-06-2021 - 18:22 | 06-01-2017 - 22:59 | |
| CVE-2017-7950 | 4.3 |
Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file.
|
04-08-2020 - 13:56 | 07-07-2017 - 11:29 | |
| CVE-2016-10034 | 7.5 |
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently e
|
21-10-2018 - 10:29 | 30-12-2016 - 19:59 | |
| CVE-2016-10075 | 4.6 |
The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.
|
21-10-2018 - 10:29 | 19-01-2017 - 20:59 | |
| CVE-2016-8785 | 4.3 |
Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 V200R002C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, S9700 V200R007C00 have an input validation vulnerability. Due to the lack of input validation, an attacker may craft a m
|
26-03-2018 - 15:24 | 09-03-2018 - 21:29 | |
| CVE-2016-9809 | 6.8 |
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
|
05-01-2018 - 02:31 | 13-01-2017 - 16:59 | |
| CVE-2016-9807 | 4.3 |
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.
|
05-01-2018 - 02:31 | 13-01-2017 - 16:59 | |
| CVE-2016-10074 | 7.5 |
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mai
|
04-11-2017 - 01:29 | 30-12-2016 - 19:59 | |
| CVE-2008-1574 | 9.3 |
Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.
|
08-08-2017 - 01:30 | 02-06-2008 - 21:30 | |
| CVE-2004-2125 | 4.6 |
Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value.
|
11-07-2017 - 01:31 | 31-12-2004 - 05:00 | |
| CVE-2016-8980 | 7.5 |
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all av
|
13-02-2017 - 22:25 | 01-02-2017 - 20:59 | |
| CVE-2016-6065 | 7.2 |
IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.
|
07-02-2017 - 20:43 | 01-02-2017 - 20:59 |