Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-04-03 CVE-2017-5924 Use After Free vulnerability in Virustotal Yara 3.5.0
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.
network
low complexity
virustotal CWE-416
7.5
2017-04-03 CVE-2017-5923 Out-of-bounds Read vulnerability in Virustotal Yara 3.5.0
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.
network
low complexity
virustotal CWE-125
7.5
2017-04-03 CVE-2016-10316 Open Redirect vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev.
network
low complexity
jensenofscandinavia CWE-601
6.1
2017-04-03 CVE-2016-10315 Open Redirect vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev.
network
low complexity
jensenofscandinavia CWE-601
6.1
2017-04-03 CVE-2016-10314 Information Exposure vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev.
network
low complexity
jensenofscandinavia CWE-200
8.8
2017-04-03 CVE-2016-10313 Cross-Site Request Forgery (CSRF) vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev.
network
low complexity
jensenofscandinavia CWE-352
8.8
2017-04-03 CVE-2016-10312 Command Injection vulnerability in Jensenofscandinavia Al3G Firmware, Al5000Ac Firmware and Al59300 Firmware
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev.
network
low complexity
jensenofscandinavia CWE-77
critical
9.8
2017-04-03 CVE-2016-10226 Out-of-bounds Read vulnerability in Apple Safari 18
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to assembler/MacroAssemblerARM64.h, assembler/MacroAssemblerX86Common.h, and wasm/WasmB3IRGenerator.cpp.
network
low complexity
apple CWE-125
7.5
2017-04-03 CVE-2016-10222 Improper Input Validation vulnerability in Apple Safari 18
runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function.
network
low complexity
apple CWE-20
7.5
2017-04-03 CVE-2016-10221 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mupdf 1.10A
The count_entries function in pdf-layer.c in Artifex Software, Inc.
local
low complexity
artifex CWE-119
5.5