Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-23 | CVE-2016-7792 | Improper Access Control vulnerability in Ubiquiti Networks Unifi AP AC Lite Firmware: Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. | 8.8 |
2017-01-23 | CVE-2016-7567 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openslp 2.0.0: Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. | 9.8 |
2017-01-23 | CVE-2016-7410 | Out-of-bounds Read vulnerability in Libdwarf Project Libdwarf 20160613: The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file. | 5.5 |
2017-01-23 | CVE-2016-7102 | Code Injection vulnerability in Owncloud Desktop Client: ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. | 8.4 |
2017-01-23 | CVE-2016-7037 | 7PK - Time and State vulnerability in JWT Project JWT: The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack. | 7.5 |
2017-01-23 | CVE-2016-7036 | 7PK - Time and State vulnerability in Python-Jose Project Python-Jose: python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. | 9.8 |
2017-01-23 | CVE-2016-6920 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg: Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. | 7.5 |
2017-01-23 | CVE-2016-6668 | Information Exposure vulnerability in Atlassian Confluence Server and Jira Integration for Hipchat: The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. | 7.5 |
2017-01-23 | CVE-2016-6603 | Improper Input Validation vulnerability in Zohocorp Webnms Framework 5.2: ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. | 9.8 |
2017-01-23 | CVE-2016-6602 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zohocorp Webnms Framework 5.2: ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. | 9.8 |