Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-30 | CVE-2016-2399 | Integer Overflow or Wraparound vulnerability in Libquicktime 1.2.4: Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom. | 7.8 |
2017-01-30 | CVE-2016-2217 | Key Management Errors vulnerability in Dest-Unreach Socat 1.7.3.0/2.0.0: The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. | 5.3 |
2017-01-30 | CVE-2016-10087 | NULL Pointer Dereference vulnerability in Libpng: The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. | 7.5 |
2017-01-30 | CVE-2015-8034 | Information Exposure vulnerability in Saltstack Salt: The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. | 3.3 |
2017-01-30 | CVE-2015-7331 | 7PK - Security Features vulnerability in Puppetlabs Mcollective-Puppet-Agent: The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument. | 6.6 |
2017-01-30 | CVE-2015-2181 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Roundcube Webmail: Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username. | 8.8 |
2017-01-30 | CVE-2015-2180 | Injection vulnerability in Roundcube Webmail: The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. | 8.8 |
2017-01-30 | CVE-2016-9939 | Improper Input Validation vulnerability in multiple products: Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. | 7.5 |
2017-01-30 | CVE-2016-7544 | Resource Management Errors vulnerability in Cryptopp Crypto++ 5.6.4: Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. | 7.5 |
2017-01-30 | CVE-2016-2519 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP: ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. | 5.9 |