|
268971
|
7.8 |
HIGH
Local
|
samsung
|
samsung_mobile
|
Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L …
|
CWE-20
Improper Input Validation
|
CVE-2016-4038
|
2024-11-21 11:51 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268972
|
5.5 |
MEDIUM
Local
|
samsung
|
knox
|
ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.
|
CWE-200
Information Exposure
|
CVE-2016-3996
|
2024-11-21 11:51 |
2017-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268973
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-4340
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268974
|
8.1 |
HIGH
Network
|
zabbix
|
zabbix
|
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, all…
|
CWE-89
SQL Injection
|
CVE-2016-4338
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268975
|
6.1 |
MEDIUM
Network
|
typo3
|
typo3
|
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a …
|
CWE-79
Cross-site Scripting
|
CVE-2016-4056
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268976
|
6.5 |
MEDIUM
Network
|
momentjs
tenable
oracle
|
moment
nessus
primavera_unifier
|
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Ser…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-4055
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268977
|
9.8 |
CRITICAL
Network
|
magento
|
magento
|
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
|
CWE-74
Injection
|
CVE-2016-4010
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268978
|
7.5 |
HIGH
Network
|
synacor
|
zimbra_collaboration_suite
|
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477.
|
NVD-CWE-noinfo
|
CVE-2016-4019
|
2024-11-21 11:51 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268979
|
6.1 |
MEDIUM
Network
|
synacor
|
zimbra_collaboration_suite
|
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104…
|
CWE-79
Cross-site Scripting
|
CVE-2016-3999
|
2024-11-21 11:51 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268980
|
9.8 |
CRITICAL
Network
|
lexmark
|
perceptive_document_filters
|
An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted Bzip2 document can lead to a stack-based buffer overflow…
|
CWE-787
Out-of-bounds Write
|
CVE-2016-4336
|
2024-11-21 11:51 |
2017-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
