Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2017-02-09 CVE-2016-4988 Cross-site Scripting vulnerability in Jenkins Build Failure Analyzer
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.
network | low complexity | jenkins | CWE-79 | 6.1

2017-02-09 CVE-2016-4987 Path Traversal vulnerability in Jenkins Image Gallery
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.
network | low complexity | jenkins | CWE-22 | 6.5

2017-02-09 CVE-2016-4986 Path Traversal vulnerability in Jenkins TAP
Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter.
network | low complexity | jenkins | CWE-22 | 7.5

2017-02-09 CVE-2016-3102 7PK - Security Features vulnerability in Jenkins Script Security
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.
network | low complexity | jenkins | CWE-254 | 7.3

2017-02-09 CVE-2016-3101 Cross-site Scripting vulnerability in Jenkins Extra Columns
Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter.
network | low complexity | jenkins | CWE-79 | 5.4

2017-02-09 CVE-2016-2148 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
network | low complexity | busybox debian canonical | CWE-119 | critical | 9.8

2017-02-09 CVE-2016-2147 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
network | low complexity | busybox debian canonical | CWE-190 | 7.5

2017-02-09 CVE-2016-10199 Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
network | low complexity | gstreamer-project | CWE-125 | 7.5

2017-02-09 CVE-2016-10198 Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
local | low complexity | gstreamer-project | CWE-125 | 5.5

2017-02-09 CVE-2016-10192 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.
network | low complexity | ffmpeg | CWE-119 | critical | 9.8