|
265271
|
6.5 |
MEDIUM
Network
|
libdwarf_project
|
libdwarf
|
The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-5029
|
2024-11-21 11:53 |
2017-02-18 |
|
265272
|
6.5 |
MEDIUM
Network
|
libdwarf_project
|
libdwarf
|
The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections.
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-5028
|
2024-11-21 11:53 |
2017-02-18 |
|
265273
|
9.8 |
CRITICAL
Network
|
fedoraproject zend
|
fedora zend_framework
|
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from …
|
CWE-89
SQL Injection
|
CVE-2016-4861
|
2024-11-21 11:53 |
2017-02-17 |
|
265274
|
9.8 |
CRITICAL
Network
|
froxlor
|
froxlor
|
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2016-5100
|
2024-11-21 11:53 |
2017-02-14 |
|
265275
|
6.1 |
MEDIUM
Network
|
jenkins
|
build_failure_analyzer
|
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4988
|
2024-11-21 11:53 |
2017-02-10 |
|
265276
|
6.5 |
MEDIUM
Network
|
jenkins
|
image_gallery
|
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.
|
CWE-22
Path Traversal
|
CVE-2016-4987
|
2024-11-21 11:53 |
2017-02-10 |
|
265277
|
7.5 |
HIGH
Network
|
jenkins
|
tap
|
Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter.
|
CWE-22
Path Traversal
|
CVE-2016-4986
|
2024-11-21 11:53 |
2017-02-10 |
|
265278
|
5.5 |
MEDIUM
Local
|
libtiff
|
libtiff
|
Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.
|
CWE-20
Improper Input Validation
|
CVE-2016-5102
|
2024-11-21 11:53 |
2017-02-7 |
|
265279
|
5.5 |
MEDIUM
Local
|
graphicsmagick debian opensuse
|
graphicsmagick debian_linux leap opensuse
|
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
|
CWE-189
Numeric Errors
|
CVE-2016-5241
|
2024-11-21 11:53 |
2017-02-4 |
|
265280
|
5.5 |
MEDIUM
Local
|
libavformat_project
|
libavformat
|
The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-5115
|
2024-11-21 11:53 |
2017-02-4 |