Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-06 | CVE-2016-2366 | Out-of-bounds Read vulnerability in multiple products A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. | 5.9 |
| 2017-01-06 | CVE-2016-2365 | NULL Pointer Dereference vulnerability in multiple products A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. | 5.9 |
| 2017-01-06 | CVE-2016-2339 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ruby-Lang Ruby 2.2.2/2.3.0 An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. | 9.8 |
| 2017-01-06 | CVE-2016-2337 | Unspecified vulnerability in Ruby-Lang Ruby 2.2.2/2.3.0 Type confusion exists in _cancel_eval Ruby's TclTkIp class method. | 9.8 |
| 2017-01-06 | CVE-2016-2336 | Unspecified vulnerability in Ruby-Lang Ruby 2.2.2/2.3.0 Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. | 9.8 |
| 2017-01-06 | CVE-2016-1550 | Information Exposure vulnerability in NTP 4.2.8 An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. | 5.3 |
| 2017-01-06 | CVE-2016-1549 | Data Processing Errors vulnerability in NTP 4.2.8 A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. | 6.5 |
| 2017-01-06 | CVE-2016-1548 | Data Processing Errors vulnerability in NTP 4.2.8 An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. | 7.2 |
| 2017-01-06 | CVE-2016-1547 | Improper Input Validation vulnerability in NTP An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. | 5.3 |
| 2017-01-06 | CVE-2015-7848 | Integer Overflow or Wraparound vulnerability in NTP Ntp-Dev 4.3.70 An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. | 7.5 |