|
268171
|
5.5 |
MEDIUM
Local
|
libav
|
libav
|
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-7393
|
2024-11-21 11:57 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268172
|
5.5 |
MEDIUM
Local
|
autotrace_project
|
autotrace
|
Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted…
|
CWE-787
Out-of-bounds Write
|
CVE-2016-7392
|
2024-11-21 11:57 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268173
|
9.8 |
CRITICAL
Network
|
exponentcms
|
exponent_cms
|
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action,…
|
CWE-89
SQL Injection
|
CVE-2016-7400
|
2024-11-21 11:57 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268174
|
7.5 |
HIGH
Network
|
libtorrent
|
libtorrent
|
The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response.
|
CWE-20
Improper Input Validation
|
CVE-2016-7164
|
2024-11-21 11:57 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268175
|
6.1 |
MEDIUM
Network
|
plone
|
plone
|
Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary w…
|
CWE-79
Cross-site Scripting
|
CVE-2016-7147
|
2024-11-21 11:57 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268176
|
9.8 |
CRITICAL
Network
|
libgd
|
libgd
|
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
|
CWE-415
Double Free
|
CVE-2016-6912
|
2024-11-21 11:57 |
2017-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268177
|
5.5 |
MEDIUM
Local
|
libgd
|
libgd
|
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-6911
|
2024-11-21 11:57 |
2017-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268178
|
5.5 |
MEDIUM
Local
|
libdwarf_project
|
libdwarf
|
The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-7410
|
2024-11-21 11:57 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268179
|
8.4 |
HIGH
Local
|
owncloud
|
owncloud_desktop_client
|
ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.
|
CWE-94
Code Injection
|
CVE-2016-7102
|
2024-11-21 11:57 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268180
|
7.5 |
HIGH
Network
|
jwt_project
|
jwt
|
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attac…
|
CWE-361
7PK - Time and State
|
CVE-2016-7037
|
2024-11-21 11:57 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
