Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-02-15 CVE-2016-9560 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.
local
low complexity
jasper-project debian redhat CWE-787
7.8
2017-02-15 CVE-2016-9010 7PK - Security Features vulnerability in IBM Integration BUS and Websphere Message Broker
IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-254
6.1
2017-02-15 CVE-2016-8972 Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client.
local
low complexity
ibm CWE-264
7.8
2017-02-15 CVE-2016-8968 Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management 6.0.0/6.0.1/6.0.2
IBM Jazz Foundation is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-15 CVE-2016-8944 Improper Input Validation vulnerability in IBM AIX 7.1/7.2
IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system.
local
low complexity
ibm CWE-20
5.5
2017-02-15 CVE-2016-8866 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
network
low complexity
imagemagick opensuse CWE-119
8.8
2017-02-15 CVE-2016-8862 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.
network
low complexity
imagemagick debian CWE-119
8.8
2017-02-15 CVE-2016-8693 Double Free vulnerability in multiple products
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
7.8
2017-02-15 CVE-2016-8692 Divide By Zero vulnerability in multiple products
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command.
5.5
2017-02-15 CVE-2016-8691 Divide By Zero vulnerability in multiple products
The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
5.5