Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-1244 | 9.3 |
The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file.
|
15-03-2024 - 19:15 | 03-10-2016 - 18:59 | |
CVE-2016-1243 | 7.5 |
Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.
|
15-03-2024 - 19:15 | 03-10-2016 - 18:59 | |
CVE-2016-1240 | 7.2 |
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-jav
|
06-02-2023 - 19:15 | 03-10-2016 - 15:59 | |
CVE-2016-5281 | 7.5 |
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code a
|
30-10-2018 - 16:27 | 22-09-2016 - 22:59 | |
CVE-2016-5284 | 4.3 |
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.
|
30-10-2018 - 16:27 | 22-09-2016 - 22:59 | |
CVE-2016-5280 | 7.5 |
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirec
|
30-10-2018 - 16:27 | 22-09-2016 - 22:59 | |
CVE-2016-5270 | 7.5 |
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds
|
12-06-2018 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5274 | 7.5 |
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction b
|
12-06-2018 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5250 | 5.0 |
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
|
12-06-2018 - 01:29 | 05-08-2016 - 01:59 | |
CVE-2016-5276 | 7.5 |
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denia
|
12-06-2018 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5277 | 7.5 |
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrup
|
12-06-2018 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5257 | 7.5 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly e
|
12-06-2018 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5272 | 6.8 |
The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execut
|
12-06-2018 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5278 | 6.8 |
Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled
|
12-06-2018 - 01:29 | 22-09-2016 - 22:59 | |
CVE-2016-5261 | 7.5 |
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets th
|
12-06-2018 - 01:29 | 05-08-2016 - 01:59 | |
CVE-2016-7401 | 5.0 |
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
|
05-01-2018 - 02:31 | 03-10-2016 - 18:59 | |
CVE-2016-7044 | 5.0 |
The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code.
|
30-07-2017 - 01:29 | 27-09-2016 - 15:59 | |
CVE-2016-7045 | 5.0 |
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.
|
30-07-2017 - 01:29 | 27-09-2016 - 15:59 | |
CVE-2003-0652 | 4.6 |
Buffer overflow in xtokkaetama allows local users to gain privileges via a long -nickname command line argument, a different vulnerability than CVE-2003-0611.
|
18-10-2016 - 02:36 | 27-08-2003 - 04:00 | |
CVE-2016-6801 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3
|
04-10-2016 - 17:36 | 21-09-2016 - 14:25 | |
CVE-2016-7176 | 4.3 |
epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x before 2.0.6 calls snprintf with one of its input buffers as the output buffer, which allows remote attackers to cause a denial of service (copy overlap and application crash) via
|
30-09-2016 - 15:13 | 09-09-2016 - 10:59 | |
CVE-2016-7177 | 4.3 |
epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 does not restrict the number of channels, which allows remote attackers to cause a denial of service (buffer over-read and application crash) vi
|
29-09-2016 - 14:36 | 09-09-2016 - 10:59 | |
CVE-2016-7180 | 4.3 |
epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) v
|
29-09-2016 - 14:35 | 09-09-2016 - 10:59 | |
CVE-2016-7179 | 4.3 |
Stack-based buffer overflow in epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 dissector in Wireshark 2.x before 2.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted packet.
|
29-09-2016 - 14:35 | 09-09-2016 - 10:59 | |
CVE-2016-7178 | 4.3 |
epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 2.x before 2.0.6 does not ensure that memory is allocated for certain data structures, which allows remote attackers to cause a denial of service (invalid write access and applica
|
29-09-2016 - 14:33 | 09-09-2016 - 10:59 |