High

DATE	CVE	VULNERABILITY TITLE	RISK
2016-09-20	CVE-2015-8931	Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior. local low complexity libarchive suse canonical debian CWE-190	7.8
2016-09-20	CVE-2015-8917	NULL Pointer Dereference vulnerability in multiple products bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. network low complexity debian libarchive canonical CWE-476	7.5
2016-09-09	CVE-2016-6211	Permissions, Privileges, and Access Controls vulnerability in multiple products The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form. network low complexity drupal debian CWE-264	8.8
2016-09-07	CVE-2016-6318	Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer. local low complexity cracklib-project opensuse debian CWE-787	7.8
2016-08-13	CVE-2016-5384	Double Free vulnerability in multiple products fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. local low complexity fedoraproject fontconfig-project debian canonical CWE-415	7.8
2016-08-10	CVE-2016-5421	Use After Free vulnerability in multiple products Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. network high complexity opensuse haxx canonical debian fedoraproject CWE-416	8.1
2016-08-10	CVE-2016-5420	Improper Authorization vulnerability in multiple products curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. network low complexity debian haxx opensuse CWE-285	7.5
2016-08-10	CVE-2016-5419	Cryptographic Issues vulnerability in multiple products curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. network low complexity haxx debian opensuse CWE-310	7.5
2016-08-07	CVE-2016-4029	Server-Side Request Forgery (SSRF) vulnerability in multiple products WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address. network low complexity wordpress debian CWE-918	8.6
2016-08-07	CVE-2016-6128	Improper Input Validation vulnerability in multiple products The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. network low complexity debian opensuse libgd canonical CWE-20	7.5