Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-13 | CVE-2016-9310 | Resource Exhaustion vulnerability in NTP 4.2.4/4.2.7/4.2.8 The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. | 6.5 |
| 2017-01-13 | CVE-2016-9107 | Information Exposure vulnerability in OTR Gajim-Otr The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors. | 7.5 |
| 2017-01-13 | CVE-2016-8883 | Resource Management Errors vulnerability in Jasper Project Jasper The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | 5.5 |
| 2017-01-13 | CVE-2016-8882 | NULL Pointer Dereference vulnerability in Jasper Project Jasper The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | 5.5 |
| 2017-01-13 | CVE-2016-8671 | Information Exposure vulnerability in Matrixssl The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. | 5.9 |
| 2017-01-13 | CVE-2016-8467 | Permissions, Privileges, and Access Controls vulnerability in Google Android An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. | 5.5 |
| 2017-01-13 | CVE-2016-7434 | Improper Input Validation vulnerability in multiple products The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. | 7.5 |
| 2017-01-13 | CVE-2016-7433 | Incorrect Calculation vulnerability in NTP 4.2.4/4.2.7/4.2.8 NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." | 5.3 |
| 2017-01-13 | CVE-2016-7431 | Improper Input Validation vulnerability in NTP 4.2.8 NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. | 5.3 |
| 2017-01-13 | CVE-2016-7429 | Source Code vulnerability in NTP 4.2.4/4.2.7/4.2.8 NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. | 3.7 |