|
267331
|
5.5 |
MEDIUM
Local
|
ffmpeg
canonical
opensuse
|
ffmpeg
ubuntu_linux
leap
|
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request…
|
CWE-200
Information Exposure
|
CVE-2016-1897
|
2024-11-21 11:47 |
2016-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267332
|
9.8 |
CRITICAL
Network
|
debian
|
duck
|
duck before 0.10 did not properly handle loading of untrusted code from the current directory.
|
NVD-CWE-noinfo
|
CVE-2016-1239
|
2024-11-21 11:46 |
2022-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267333
|
8.8 |
HIGH
Network
|
lexmark
|
markvision_enterprise
|
Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-1487
|
2024-11-21 11:46 |
2020-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267334
|
3.3 |
LOW
Local
|
nghttp2
fedoraproject
|
nghttp2
fedora
|
nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-1544
|
2024-11-21 11:46 |
2020-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267335
|
7.5 |
HIGH
Network
|
microfocus
|
identity_manager
|
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability.
|
CWE-200
Information Exposure
|
CVE-2016-1600
|
2024-11-21 11:46 |
2019-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267336
|
7.5 |
HIGH
Network
|
snapweb
|
snapweb
|
The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could …
|
CWE-284
Improper Access Control
|
CVE-2016-1587
|
2024-11-21 11:46 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267337
|
7.5 |
HIGH
Network
|
oxide_project
|
oxide
|
A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3.
|
CWE-20
Improper Input Validation
|
CVE-2016-1586
|
2024-11-21 11:46 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267338
|
9.8 |
CRITICAL
Network
|
canonical
|
apparmor
|
In all versions of AppArmor mount rules are accidentally widened when compiled.
|
CWE-254
7PK - Security Features
|
CVE-2016-1585
|
2024-11-21 11:46 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267339
|
5.3 |
MEDIUM
Network
|
unity8
|
unity8
|
In all versions of Unity8 a running but not active application on a large-screen device could talk with Maliit and consume keyboard input.
|
CWE-399
Resource Management Errors
|
CVE-2016-1584
|
2024-11-21 11:46 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267340
|
9.8 |
CRITICAL
Network
|
canonical
|
ubuntu_download_manager
|
UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-1579
|
2024-11-21 11:46 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
