|
268091
|
6.1 |
MEDIUM
Network
|
jenkins
|
build_failure_analyzer
|
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4988
|
2024-11-21 11:53 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268092
|
6.5 |
MEDIUM
Network
|
jenkins
|
image_gallery
|
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.
|
CWE-22
Path Traversal
|
CVE-2016-4987
|
2024-11-21 11:53 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268093
|
7.5 |
HIGH
Network
|
jenkins
|
tap
|
Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter.
|
CWE-22
Path Traversal
|
CVE-2016-4986
|
2024-11-21 11:53 |
2017-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268094
|
5.5 |
MEDIUM
Local
|
libtiff
|
libtiff
|
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.
|
CWE-20
Improper Input Validation
|
CVE-2016-5102
|
2024-11-21 11:53 |
2017-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268095
|
5.5 |
MEDIUM
Local
|
graphicsmagick
debian
opensuse
|
graphicsmagick
debian_linux
leap
opensuse
|
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
|
CWE-189
Numeric Errors
|
CVE-2016-5241
|
2024-11-21 11:53 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268096
|
5.5 |
MEDIUM
Local
|
libavformat_project
|
libavformat
|
The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-5115
|
2024-11-21 11:53 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268097
|
5.9 |
MEDIUM
Network
|
openntpd
|
openntpd
|
OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid…
|
CWE-254
7PK - Security Features
|
CVE-2016-5117
|
2024-11-21 11:53 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268098
|
5.5 |
MEDIUM
Local
|
onionshare
|
onionshare
|
hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.
|
CWE-284
Improper Access Control
|
CVE-2016-5026
|
2024-11-21 11:53 |
2017-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268099
|
4.8 |
MEDIUM
Local
|
valvesoftware
|
steamos
|
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-5237
|
2024-11-21 11:53 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268100
|
7.5 |
HIGH
Network
|
keepass
|
keepass
|
The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.
|
CWE-20
Improper Input Validation
|
CVE-2016-5119
|
2024-11-21 11:53 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
