Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-03-03 CVE-2016-7972 Resource Management Errors vulnerability in multiple products
The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.
network
low complexity
opensuse fedoraproject libass-project CWE-399
7.5
7.5
2017-03-03 CVE-2016-7970 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
network
low complexity
fedoraproject libass-project CWE-119
7.5
7.5
2017-03-03 CVE-2016-7969 Out-of-bounds Read vulnerability in multiple products
The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."
network
low complexity
opensuse fedoraproject libass-project CWE-125
7.5
7.5
2017-03-03 CVE-2016-7409 Information Exposure vulnerability in Dropbear SSH Project Dropbear SSH
The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident.
local
low complexity
dropbear-ssh-project CWE-200
5.5
5.5
2017-03-03 CVE-2016-7408 Improper Access Control vulnerability in Dropbear SSH Project Dropbear SSH
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
network
low complexity
dropbear-ssh-project CWE-284
8.8
8.8
2017-03-03 CVE-2016-7407 Improper Input Validation vulnerability in Dropbear SSH Project Dropbear SSH
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.
network
low complexity
dropbear-ssh-project CWE-20
critical
 9.8
9.8
2017-03-03 CVE-2016-7406 Improper Input Validation vulnerability in Dropbear SSH Project Dropbear SSH
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
network
low complexity
dropbear-ssh-project CWE-20
critical
 9.8
9.8
2017-03-03 CVE-2016-6884 Out-of-bounds Read vulnerability in Matrixssl 3.8.2
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.
network
low complexity
matrixssl CWE-125
6.5
6.5
2017-03-03 CVE-2016-6883 Information Exposure vulnerability in Matrixssl 3.8.2
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.
network
high complexity
matrixssl CWE-200
5.9
5.9
2017-03-03 CVE-2016-6882 Key Management Errors vulnerability in Matrixssl
MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.
network
high complexity
matrixssl CWE-320
5.9
5.9