CVE-2016-6160 (tcpreplay)
tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame.
Source: CVE-2016-6160 (tcpreplay)
[월:] 2017년 01월
CVE-2016-5876 (owncloud)
CVE-2016-5876 (owncloud)
ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request.
Source: CVE-2016-5876 (owncloud)
CVE-2016-5119 (keepass)
CVE-2016-5119 (keepass)
The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.
Source: CVE-2016-5119 (keepass)
CVE-2016-5720 (skype)
CVE-2016-5720 (skype)
Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory.
Source: CVE-2016-5720 (skype)
CVE-2016-6223 (libtiff)
CVE-2016-6223 (libtiff)
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.
Source: CVE-2016-6223 (libtiff)
CVE-2016-4793 (cakephp)
CVE-2016-4793 (cakephp)
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
Source: CVE-2016-4793 (cakephp)
CVE-2016-3177 (giflib)
CVE-2016-3177 (giflib)
Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.
Source: CVE-2016-3177 (giflib)
CVE-2016-3147 (landesk_management_suite)
CVE-2016-3147 (landesk_management_suite)
Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet.
CVE-2016-4055 (moment)
CVE-2016-4055 (moment)
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."
Source: CVE-2016-4055 (moment)
CVE-2016-1417 (snort)
CVE-2016-1417 (snort)
Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed.
Source: CVE-2016-1417 (snort)