|
271481
|
5.5 |
MEDIUM
Local
|
libavformat_project
|
libavformat
|
Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-4352
|
2024-11-21 11:51 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271482
|
7.8 |
HIGH
Local
|
samsung
|
samsung_mobile
|
Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L …
|
CWE-20
Improper Input Validation
|
CVE-2016-4038
|
2024-11-21 11:51 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271483
|
5.5 |
MEDIUM
Local
|
samsung
|
knox
|
ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.
|
CWE-200
Information Exposure
|
CVE-2016-3996
|
2024-11-21 11:51 |
2017-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271484
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
|
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-4340
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271485
|
8.1 |
HIGH
Network
|
zabbix
|
zabbix
|
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, all…
|
CWE-89
SQL Injection
|
CVE-2016-4338
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271486
|
6.1 |
MEDIUM
Network
|
typo3
|
typo3
|
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a …
|
CWE-79
Cross-site Scripting
|
CVE-2016-4056
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271487
|
6.5 |
MEDIUM
Network
|
momentjs
tenable
oracle
|
moment
nessus
primavera_unifier
|
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Ser…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-4055
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271488
|
9.8 |
CRITICAL
Network
|
magento
|
magento
|
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
|
CWE-74
Injection
|
CVE-2016-4010
|
2024-11-21 11:51 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271489
|
7.5 |
HIGH
Network
|
synacor
|
zimbra_collaboration_suite
|
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477.
|
NVD-CWE-noinfo
|
CVE-2016-4019
|
2024-11-21 11:51 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271490
|
6.1 |
MEDIUM
Network
|
synacor
|
zimbra_collaboration_suite
|
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104…
|
CWE-79
Cross-site Scripting
|
CVE-2016-3999
|
2024-11-21 11:51 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
