High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-02-09	CVE-2016-2147	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. network low complexity busybox debian canonical CWE-190	7.5
2017-02-06	CVE-2016-7800	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. network low complexity graphicsmagick opensuse debian CWE-191	7.5
2017-02-06	CVE-2016-7449	Out-of-bounds Read vulnerability in multiple products The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. network low complexity graphicsmagick debian opensuse CWE-125	7.5
2017-02-06	CVE-2016-7448	Resource Management Errors vulnerability in multiple products The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size. network low complexity graphicsmagick debian opensuse CWE-399	7.5
2017-02-03	CVE-2016-10165	Out-of-bounds Read vulnerability in multiple products The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. local low complexity littlecms debian canonical opensuse redhat netapp CWE-125	7.1
2017-01-30	CVE-2016-7798	Inadequate Encryption Strength vulnerability in multiple products The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. network low complexity ruby-lang debian CWE-326	7.5
2017-01-30	CVE-2016-9939	Improper Input Validation vulnerability in multiple products Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. network low complexity cryptopp debian CWE-20	7.5
2017-01-27	CVE-2016-9453	Out-of-bounds Write vulnerability in multiple products The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one. local low complexity libtiff opensuse debian CWE-787	7.8
2017-01-27	CVE-2016-10002	Information Exposure vulnerability in multiple products Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. network low complexity debian squid-cache CWE-200	7.5
2017-01-24	CVE-2016-10159	Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. network low complexity php debian CWE-190	7.5