Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-01-23 CVE-2016-6223 Numeric Errors vulnerability in Libtiff
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.
network
low complexity
libtiff CWE-189
critical
9.1
2017-01-23 CVE-2016-6164 Integer Overflow or Wraparound vulnerability in Ffmpeg
Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.
network
low complexity
ffmpeg CWE-190
critical
9.8
2017-01-23 CVE-2016-6160 Resource Management Errors vulnerability in Broadcom Tcpreplay
tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266.
network
low complexity
broadcom CWE-399
7.5
2017-01-23 CVE-2016-5876 Permissions, Privileges, and Access Controls vulnerability in Owncloud
ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request.
network
high complexity
owncloud CWE-264
5.9
2017-01-23 CVE-2016-5873 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP Pecl Http 3.0.1
Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL.
network
low complexity
php CWE-119
critical
9.8
2017-01-23 CVE-2016-5742 SQL Injection vulnerability in Sixapart Movable Type and Movable Type Open Source
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
sixapart CWE-89
critical
9.8
2017-01-23 CVE-2016-5720 Permissions, Privileges, and Access Controls vulnerability in Microsoft Skype
Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory.
local
low complexity
microsoft CWE-264
7.8
2017-01-23 CVE-2016-5697 XML Injection (aka Blind XPath Injection) vulnerability in Onelogin Ruby-Saml
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.
network
low complexity
onelogin CWE-91
7.5
2017-01-23 CVE-2016-5237 Permissions, Privileges, and Access Controls vulnerability in Valvesoftware Steamos 3.42.16.13
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.
local
low complexity
valvesoftware CWE-264
4.8
2017-01-23 CVE-2016-5119 Improper Input Validation vulnerability in Keepass
The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.
network
high complexity
keepass CWE-20
7.5