Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
|---|---|---|---|---|---|
| 2017-01-23 | CVE-2016-7792 | Improper Access Control vulnerability in Ubiquiti Networks Unifi AP AC Lite Firmware | Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. | ubiquiti-networks, CWE-284 | low complexity, 8.8 |
| 2017-01-23 | CVE-2016-7567 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openslp 2.0.0 | Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. | openslp, CWE-119 | network, low complexity, critical, 9.8 |
| 2017-01-23 | CVE-2016-7410 | Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf 20160613 | The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file. | libdwarf-project, CWE-125 | local, low complexity, 5.5 |
| 2017-01-23 | CVE-2016-7102 | Code Injection vulnerability in Owncloud Desktop Client | ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. | owncloud, CWE-94 | local, low complexity, 8.4 |
| 2017-01-23 | CVE-2016-7037 | 7PK - Time and State vulnerability in JWT Project JWT | The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack. | jwt-project, CWE-361 | network, low complexity, 7.5 |
| 2017-01-23 | CVE-2016-7036 | 7PK - Time and State vulnerability in Python-Jose Project Python-Jose | python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. | python-jose-project, CWE-361 | network, low complexity, critical, 9.8 |
| 2017-01-23 | CVE-2016-6920 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg | Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. | ffmpeg, CWE-119 | network, low complexity, 7.5 |
| 2017-01-23 | CVE-2016-6668 | Information Exposure vulnerability in Atlassian Confluence Server and Jira Integration for Hipchat | The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. | atlassian, CWE-200 | network, low complexity, 7.5 |
| 2017-01-23 | CVE-2016-6603 | Improper Input Validation vulnerability in Zohocorp Webnms Framework 5.2 | ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. | zohocorp, CWE-20 | network, low complexity, critical, 9.8 |
| 2017-01-23 | CVE-2016-6602 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zohocorp Webnms Framework 5.2 | ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. | zohocorp, CWE-327 | network, low complexity, critical, 9.8 |