|
266061
|
7.7 |
HIGH
Network
|
vmware
|
vcenter_server
|
VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote authenticated users to read arbitrary files via a (1) Log Browser, (2) Distributed Switch setup, or (3) Content Library XML docum…
|
CWE-611
XXE
|
CVE-2016-7459
|
2024-11-21 11:58 |
2016-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266062
|
5.8 |
MEDIUM
Network
|
vmware
|
vsphere_client
|
VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjun…
|
CWE-611
XXE
|
CVE-2016-7458
|
2024-11-21 11:58 |
2016-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266063
|
10.0 |
CRITICAL
Network
|
vmware
|
vrealize_operations
|
VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-7457
|
2024-11-21 11:58 |
2016-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266064
|
9.8 |
CRITICAL
Network
|
vmware
|
vsphere_data_protection
|
VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.
|
CWE-255
Credentials Management
|
CVE-2016-7456
|
2024-11-21 11:58 |
2016-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266065
|
6.5 |
MEDIUM
Network
|
kde
|
kmail
|
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.
|
CWE-94
Code Injection
|
CVE-2016-7968
|
2024-11-21 11:58 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266066
|
8.1 |
HIGH
Network
|
kde
|
kmail
|
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URL…
|
CWE-94
CWE-284
Code Injection
Improper Access Control
|
CVE-2016-7967
|
2024-11-21 11:58 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266067
|
7.3 |
HIGH
Network
|
kde
debian
fedoraproject
suse
|
kmail
debian_linux
fedora
linux_enterprise
|
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal si…
|
CWE-94
Code Injection
|
CVE-2016-7966
|
2024-11-21 11:58 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266068
|
4.9 |
MEDIUM
Network
|
kde
opensuse
|
kde-cli-tools
leap
opensuse
|
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
|
CWE-94
Code Injection
|
CVE-2016-7787
|
2024-11-21 11:58 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266069
|
5.5 |
MEDIUM
Local
|
ffmpeg
|
ffmpeg
|
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-7905
|
2024-11-21 11:58 |
2016-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266070
|
5.5 |
MEDIUM
Local
|
ffmpeg
|
ffmpeg
|
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
|
CWE-20
Improper Input Validation
|
CVE-2016-7785
|
2024-11-21 11:58 |
2016-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
