High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-01-24	CVE-2016-10160	Off-by-one Error vulnerability in multiple products Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. network low complexity php netapp debian CWE-193	7.5
2017-01-06	CVE-2016-2368	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. network low complexity pidgin canonical debian CWE-119	7.5
2016-12-23	CVE-2016-8707	Out-of-bounds Write vulnerability in multiple products An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. local low complexity imagemagick debian CWE-787	7.8
2016-12-23	CVE-2016-7966	Code Injection vulnerability in multiple products Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. network low complexity kde debian fedoraproject suse CWE-94	7.3
2016-12-12	CVE-2016-9427	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation. network low complexity bdwgc-project debian opensuse CWE-190	7.5
2016-11-10	CVE-2016-5195	Race Condition vulnerability in multiple products Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." local high complexity canonical linux redhat debian fedoraproject paloaltonetworks netapp CWE-362	7.0
2016-10-03	CVE-2016-1244	Improper Input Validation vulnerability in multiple products The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file. network low complexity unadf-project debian CWE-20	8.8
2016-09-28	CVE-2016-7568	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls. network low complexity libgd php debian CWE-190	7.5
2016-09-26	CVE-2016-4303	Classic Buffer Overflow vulnerability in multiple products The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. network low complexity iperf3-project novell opensuse debian CWE-120	7.5
2016-09-25	CVE-2016-4738	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. network low complexity apple debian CWE-119	8.8