|
264981
|
7.5 |
HIGH
Network
|
jenkins
|
tap
|
Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter.
|
CWE-22
Path Traversal
|
CVE-2016-4986
|
2024-11-21 11:53 |
2017-02-10 |
|
264982
|
5.5 |
MEDIUM
Local
|
libtiff
|
libtiff
|
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.
|
CWE-20
Improper Input Validation
|
CVE-2016-5102
|
2024-11-21 11:53 |
2017-02-7 |
|
264983
|
5.5 |
MEDIUM
Local
|
graphicsmagick debian opensuse
|
graphicsmagick debian_linux leap opensuse
|
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
|
CWE-189
Numeric Errors
|
CVE-2016-5241
|
2024-11-21 11:53 |
2017-02-4 |
|
264984
|
5.5 |
MEDIUM
Local
|
libavformat_project
|
libavformat
|
The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-5115
|
2024-11-21 11:53 |
2017-02-4 |
|
264985
|
5.9 |
MEDIUM
Network
|
openntpd
|
openntpd
|
OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid…
|
CWE-254
7PK - Security Features
|
CVE-2016-5117
|
2024-11-21 11:53 |
2017-02-1 |
|
264986
|
5.5 |
MEDIUM
Local
|
onionshare
|
onionshare
|
hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.
|
CWE-284
Improper Access Control
|
CVE-2016-5026
|
2024-11-21 11:53 |
2017-01-31 |
|
264987
|
4.8 |
MEDIUM
Local
|
valvesoftware
|
steamos
|
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-5237
|
2024-11-21 11:53 |
2017-01-24 |
|
264988
|
7.5 |
HIGH
Network
|
keepass
|
keepass
|
The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.
|
CWE-20
Improper Input Validation
|
CVE-2016-5119
|
2024-11-21 11:53 |
2017-01-24 |
|
264989
|
8.1 |
HIGH
Network
|
typo3
|
typo3
|
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
|
CWE-254
7PK - Security Features
|
CVE-2016-5091
|
2024-11-21 11:53 |
2017-01-24 |
|
264990
|
5.4 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
|
CWE-200
Information Exposure
|
CVE-2016-5014
|
2024-11-21 11:53 |
2017-01-20 |