Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-01-25 CVE-2016-9304 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autodesk FBX Software Development KIT
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.
network
low complexity
autodesk CWE-119
8.8
2017-01-25 CVE-2016-9303 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Autodesk FBX Software Development KIT
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.
network
low complexity
autodesk CWE-119
critical
9.8
2017-01-25 CVE-2017-5594 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pagekit
An issue was discovered in Pagekit CMS before 1.0.11.
network
high complexity
pagekit CWE-640
7.5
2017-01-25 CVE-2016-8215 Cross-site Scripting vulnerability in EMC RSA Security Analytics
EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-79
6.1
2017-01-25 CVE-2016-8214 Permission Issues vulnerability in EMC Avamar Data Store and Avamar Virtual Edition
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.
local
low complexity
emc CWE-275
6.7
2017-01-24 CVE-2016-10162 NULL Pointer Dereference vulnerability in PHP
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
network
low complexity
php CWE-476
7.5
2017-01-24 CVE-2016-10161 Out-of-bounds Read vulnerability in PHP
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.
network
low complexity
php CWE-125
7.5
2017-01-24 CVE-2016-10160 Off-by-one Error vulnerability in multiple products
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
network
low complexity
php netapp debian CWE-193
critical
9.8
2017-01-24 CVE-2016-10159 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.
network
low complexity
php debian CWE-190
7.5
2017-01-24 CVE-2016-10158 Numeric Errors vulnerability in PHP
The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.
network
low complexity
php CWE-189
7.5