Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-23 | CVE-2016-6223 | Numeric Errors vulnerability in Libtiff The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer. | 9.1 |
2017-01-23 | CVE-2016-6164 | Integer Overflow or Wraparound vulnerability in Ffmpeg Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size. | 9.8 |
2017-01-23 | CVE-2016-6160 | Resource Management Errors vulnerability in Broadcom Tcpreplay tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266. | 7.5 |
2017-01-23 | CVE-2016-5876 | Permissions, Privileges, and Access Controls vulnerability in Owncloud ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. | 5.9 |
2017-01-23 | CVE-2016-5873 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP Pecl Http 3.0.1 Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL. | 9.8 |
2017-01-23 | CVE-2016-5742 | SQL Injection vulnerability in Sixapart Movable Type and Movable Type Open Source SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 |
2017-01-23 | CVE-2016-5720 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Skype Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory. | 7.8 |
2017-01-23 | CVE-2016-5697 | XML Injection (aka Blind XPath Injection) vulnerability in Onelogin Ruby-Saml Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors. | 7.5 |
2017-01-23 | CVE-2016-5237 | Permissions, Privileges, and Access Controls vulnerability in Valvesoftware Steamos 3.42.16.13 Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file. | 4.8 |
2017-01-23 | CVE-2016-5119 | Improper Input Validation vulnerability in Keepass The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. | 7.5 |