|
268331
|
7.3 |
HIGH
Network
|
kde debian fedoraproject suse
|
kmail debian_linux fedora linux_enterprise
|
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal si…
|
CWE-94
Code Injection
|
CVE-2016-7966
|
2024-11-21 11:58 |
2016-12-24 |
|
268332
|
4.9 |
MEDIUM
Network
|
kde opensuse
|
kde-cli-tools leap opensuse
|
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
|
CWE-94
Code Injection
|
CVE-2016-7787
|
2024-11-21 11:58 |
2016-12-24 |
|
268333
|
5.5 |
MEDIUM
Local
|
ffmpeg
|
ffmpeg
|
The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-7905
|
2024-11-21 11:58 |
2016-12-23 |
|
268334
|
5.5 |
MEDIUM
Local
|
ffmpeg
|
ffmpeg
|
The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.
|
CWE-20
Improper Input Validation
|
CVE-2016-7785
|
2024-11-21 11:58 |
2016-12-23 |
|
268335
|
5.5 |
MEDIUM
Local
|
ffmpeg
|
ffmpeg
|
The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-7562
|
2024-11-21 11:58 |
2016-12-23 |
|
268336
|
5.5 |
MEDIUM
Local
|
ffmpeg
|
ffmpeg
|
The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.
|
CWE-200
Information Exposure
|
CVE-2016-7555
|
2024-11-21 11:58 |
2016-12-23 |
|
268337
|
7.8 |
HIGH
Local
|
ffmpeg
|
ffmpeg
|
The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-7502
|
2024-11-21 11:58 |
2016-12-23 |
|
268338
|
7.8 |
HIGH
Local
|
ffmpeg
|
ffmpeg
|
The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-7450
|
2024-11-21 11:58 |
2016-12-23 |
|
268339
|
9.8 |
CRITICAL
Network
|
bundler
|
bundler
|
Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.
|
CWE-94
Code Injection
|
CVE-2016-7954
|
2024-11-21 11:58 |
2016-12-23 |
|
268340
|
8.0 |
HIGH
Adjacent
|
technicolor
|
xfinity_gateway_router_dpc3941t_firmware
|
CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remo…
|
CWE-352
Origin Validation Error
|
CVE-2016-7454
|
2024-11-21 11:58 |
2016-12-17 |