Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-01-23 CVE-2016-6920 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg
Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.
network
low complexity
ffmpeg CWE-119
7.5
2017-01-23 CVE-2016-6668 Information Exposure vulnerability in Atlassian Confluence Server and Jira Integration for Hipchat
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.
network
low complexity
atlassian CWE-200
7.5
2017-01-23 CVE-2016-6603 Improper Input Validation vulnerability in Zohocorp Webnms Framework 5.2
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.
network
low complexity
zohocorp CWE-20
critical
9.8
2017-01-23 CVE-2016-6602 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zohocorp Webnms Framework 5.2
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml.
network
low complexity
zohocorp CWE-327
critical
9.8
2017-01-23 CVE-2016-6601 Path Traversal vulnerability in Zohocorp Webnms Framework 5.2
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a ..
network
low complexity
zohocorp CWE-22
7.5
2017-01-23 CVE-2016-6600 Path Traversal vulnerability in Zohocorp Webnms Framework 5.2
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a ..
network
low complexity
zohocorp CWE-22
critical
9.8
2017-01-23 CVE-2016-6582 7PK - Security Features vulnerability in Doorkeeper Project Doorkeeper
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.
network
low complexity
doorkeeper-project CWE-254
critical
9.1
2017-01-23 CVE-2016-6521 Cross-Site Request Forgery (CSRF) vulnerability in Gopivotal Grails 1.5.9/2.0.6
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.
network
low complexity
gopivotal CWE-352
8.8
2017-01-23 CVE-2016-6517 Path Traversal vulnerability in Liferay 5.1.0
Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.
network
low complexity
liferay CWE-22
critical
9.8
2017-01-23 CVE-2016-6484 CRLF Injection vulnerability in Infoblox Netmri
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.
network
low complexity
infoblox CWE-93
6.1