|
266221
|
7.5 |
HIGH
Network
|
samsung
|
samsung_mobile
|
Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C.
|
CWE-20
Improper Input Validation
|
CVE-2016-4547
|
2024-11-21 11:52 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266222
|
5.5 |
MEDIUM
Local
|
samsung
|
samsung_mobile
|
Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call.
|
CWE-20
Improper Input Validation
|
CVE-2016-4546
|
2024-11-21 11:52 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266223
|
5.5 |
MEDIUM
Local
|
uclouvain
fedoraproject
|
openjpeg
fedora
|
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE:…
|
CWE-369
Divide By Zero
|
CVE-2016-4797
|
2024-11-21 11:52 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266224
|
5.5 |
MEDIUM
Local
|
uclouvain
fedoraproject
|
openjpeg
fedora
|
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4796
|
2024-11-21 11:52 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266225
|
5.5 |
MEDIUM
Local
|
mini-xml_project
debian
|
mini-xml
debian_linux
|
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-4571
|
2024-11-21 11:52 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266226
|
5.5 |
MEDIUM
Local
|
mini-xml_project
debian
|
mini-xml
debian_linux
|
The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-4570
|
2024-11-21 11:52 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266227
|
7.5 |
HIGH
Network
|
cakephp
|
cakephp
|
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
|
CWE-20
Improper Input Validation
|
CVE-2016-4793
|
2024-11-21 11:52 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266228
|
6.8 |
MEDIUM
Physics
|
cryptsetup_project
|
cryptsetup
|
The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.
|
CWE-287
Improper Authentication
|
CVE-2016-4484
|
2024-11-21 11:52 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266229
|
6.1 |
MEDIUM
Network
|
roundcube
|
webmail
|
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4552
|
2024-11-21 11:52 |
2016-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266230
|
5.5 |
MEDIUM
Local
|
redhat
|
enterprise_virtualization
|
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2016-4443
|
2024-11-21 11:52 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
