16.04

DATE	CVE	VULNERABILITY TITLE	RISK
2017-02-09	CVE-2016-2148	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. network low complexity busybox debian canonical CWE-119 critical	9.8
2017-02-09	CVE-2016-2147	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. network low complexity busybox debian canonical CWE-190	7.5
2017-02-03	CVE-2016-10165	Out-of-bounds Read vulnerability in multiple products The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. local low complexity littlecms debian canonical opensuse redhat netapp CWE-125	7.1
2017-02-01	CVE-2016-9963	Key Management Errors vulnerability in multiple products Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. network high complexity exim canonical debian CWE-320	5.9
2017-01-30	CVE-2016-9119	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network low complexity moinmo canonical debian CWE-79	6.1
2017-01-30	CVE-2015-7977	NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. network high complexity ntp oracle siemens netapp freebsd fedoraproject debian canonical CWE-476	5.9
2017-01-30	CVE-2015-7973	7PK - Security Features vulnerability in multiple products NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. network high complexity ntp siemens freebsd netapp canonical CWE-254	6.5
2017-01-27	CVE-2016-5824	Use After Free vulnerability in multiple products libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. local low complexity libical-project canonical redhat CWE-416	5.5
2017-01-13	CVE-2016-2090	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. network low complexity fedoraproject freedesktop debian canonical CWE-119 critical	9.8
2016-12-13	CVE-2016-6313	Information Exposure vulnerability in multiple products The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. network low complexity gnupg debian canonical CWE-200	5.3