Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-01-31 CVE-2016-8698 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Potrace Project Potrace
Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703.
local
low complexity
potrace-project CWE-119
7.8
2017-01-31 CVE-2016-8697 Divide By Zero vulnerability in Potrace Project Potrace
The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image.
local
low complexity
potrace-project CWE-369
5.5
2017-01-31 CVE-2016-8696 NULL Pointer Dereference vulnerability in Potrace Project Potrace
The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8695.
local
low complexity
potrace-project CWE-476
5.5
2017-01-31 CVE-2016-8695 NULL Pointer Dereference vulnerability in Potrace Project Potrace
The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696.
local
low complexity
potrace-project CWE-476
5.5
2017-01-31 CVE-2016-8694 NULL Pointer Dereference vulnerability in Potrace Project Potrace
The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8695 and CVE-2016-8696.
local
low complexity
potrace-project CWE-476
5.5
2017-01-31 CVE-2016-8686 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Potrace Project Potrace
The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
local
low complexity
potrace-project CWE-119
7.8
2017-01-31 CVE-2016-8685 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Potrace Project Potrace
The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.
local
low complexity
potrace-project CWE-119
5.5
2017-01-31 CVE-2016-6329 Information Exposure vulnerability in Openvpn
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
network
high complexity
openvpn CWE-200
5.9
2017-01-31 CVE-2016-6285 Cross-site Scripting vulnerability in Atlassian Jira
Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
network
low complexity
atlassian CWE-79
6.1
2017-01-31 CVE-2015-8977 Information Exposure Through Log Files vulnerability in Mybb Merge System and Mybb
MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.
network
low complexity
mybb CWE-532
7.5