|
264581
|
10.0 |
CRITICAL
Network
|
vmware
|
vrealize_operations
|
VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-7457
|
2024-11-21 11:58 |
2016-12-29 |
|
264582
|
9.8 |
CRITICAL
Network
|
vmware
|
vsphere_data_protection
|
VMware vSphere Data Protection (VDP) 5.5.x through 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
|
CWE-255
Credentials Management
|
CVE-2016-7456
|
2024-11-21 11:58 |
2016-12-29 |
|
264583
|
6.5 |
MEDIUM
Network
|
kde
|
kmail
|
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.
|
CWE-94
Code Injection
|
CVE-2016-7968
|
2024-11-21 11:58 |
2016-12-24 |
|
264584
|
8.1 |
HIGH
Network
|
kde
|
kmail
|
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URL…
|
CWE-94 CWE-284
Code Injection Improper Access Control
|
CVE-2016-7967
|
2024-11-21 11:58 |
2016-12-24 |
|
264585
|
7.3 |
HIGH
Network
|
kde debian fedoraproject suse
|
kmail debian_linux fedora linux_enterprise
|
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal si…
|
CWE-94
Code Injection
|
CVE-2016-7966
|
2024-11-21 11:58 |
2016-12-24 |
|
264586
|
4.9 |
MEDIUM
Network
|
kde opensuse
|
kde-cli-tools leap opensuse
|
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
|
CWE-94
Code Injection
|
CVE-2016-7787
|
2024-11-21 11:58 |
2016-12-24 |
|
264587
|
5.5 |
MEDIUM
Local
|
ffmpeg
|
ffmpeg
|
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-7905
|
2024-11-21 11:58 |
2016-12-23 |
|
264588
|
5.5 |
MEDIUM
Local
|
ffmpeg
|
ffmpeg
|
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
|
CWE-20
Improper Input Validation
|
CVE-2016-7785
|
2024-11-21 11:58 |
2016-12-23 |
|
264589
|
5.5 |
MEDIUM
Local
|
ffmpeg
|
ffmpeg
|
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-7562
|
2024-11-21 11:58 |
2016-12-23 |
|
264590
|
5.5 |
MEDIUM
Local
|
ffmpeg
|
ffmpeg
|
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.
|
CWE-200
Information Exposure
|
CVE-2016-7555
|
2024-11-21 11:58 |
2016-12-23 |