High

DATE	CVE	VULNERABILITY TITLE	RISK
2016-09-21	CVE-2016-7163	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. local low complexity uclouvain debian fedoraproject redhat CWE-190	7.8
2016-09-21	CVE-2015-8871	Use After Free vulnerability in multiple products Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors. network low complexity debian uclouvain CWE-416	7.5
2016-09-07	CVE-2016-6318	Out-of-bounds Write vulnerability in multiple products Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer. local low complexity cracklib-project opensuse debian CWE-787	7.8
2016-08-13	CVE-2016-5384	Double Free vulnerability in multiple products fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. local low complexity fedoraproject fontconfig-project debian canonical CWE-415	7.8
2016-08-10	CVE-2016-5421	Use After Free vulnerability in multiple products Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. network high complexity opensuse haxx canonical debian fedoraproject CWE-416	8.1
2016-08-10	CVE-2016-5420	Improper Authorization vulnerability in multiple products curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. network low complexity debian haxx opensuse CWE-285	7.5
2016-08-10	CVE-2016-5419	Cryptographic Issues vulnerability in multiple products curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. network low complexity haxx debian opensuse CWE-310	7.5
2016-08-07	CVE-2016-4029	Server-Side Request Forgery (SSRF) vulnerability in multiple products WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address. network low complexity wordpress debian CWE-918	8.6
2016-08-07	CVE-2016-5772	Double Free vulnerability in multiple products Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. network low complexity php suse opensuse debian CWE-415	7.5
2016-08-07	CVE-2016-5771	Use After Free vulnerability in multiple products spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. network low complexity php opensuse debian CWE-416	7.5