Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-01-27 CVE-2016-9453 Out-of-bounds Write vulnerability in multiple products
The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.
local
low complexity
libtiff opensuse debian CWE-787
7.8
2017-01-27 CVE-2016-9448 NULL Pointer Dereference vulnerability in multiple products
The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays.
network
low complexity
libtiff opensuse CWE-476
7.5
2017-01-27 CVE-2016-8411 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Buffer overflow vulnerability while processing QMI QOS TLVs.
network
low complexity
google CWE-119
critical
9.8
2017-01-27 CVE-2016-1551 7PK - Security Features vulnerability in multiple products
ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks.
network
high complexity
ntp ntpsec CWE-254
3.7
2017-01-27 CVE-2016-10003 Incorrect Comparison vulnerability in Squid-Cache Squid
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
network
low complexity
squid-cache CWE-697
7.5
2017-01-27 CVE-2016-10002 Information Exposure vulnerability in multiple products
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients.
network
low complexity
debian squid-cache CWE-200
7.5
2017-01-27 CVE-2017-5599 Cross-site Scripting vulnerability in Eclinicalworks Patient Portal 7.0
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13.
network
low complexity
eclinicalworks CWE-79
6.1
2017-01-27 CVE-2017-5598 SQL Injection vulnerability in Eclinicalworks Patient Portal 8.0
An issue was discovered in eClinicalWorks healow@work 8.0 build 8.
network
low complexity
eclinicalworks CWE-89
7.5
2017-01-26 CVE-2016-9054 Out-of-bounds Write vulnerability in Aerospike Database Server 3.10.0.3
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3.
network
low complexity
aerospike CWE-787
critical
9.8
2017-01-26 CVE-2016-9052 Out-of-bounds Write vulnerability in Aerospike Database Server 3.10.0.3
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3.
network
low complexity
aerospike CWE-787
critical
9.8