Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2016-09-21 CVE-2016-3990 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
local
low complexity
libtiff oracle CWE-787
7.8
2016-09-21 CVE-2016-3945 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write.
local
low complexity
libtiff oracle CWE-190
7.8
2016-09-21 CVE-2016-3632 Out-of-bounds Write vulnerability in multiple products
The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image.
local
low complexity
libtiff oracle CWE-787
7.8
2016-09-21 CVE-2016-6250 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.
network
low complexity
oracle libarchive CWE-190
8.6
2016-09-21 CVE-2016-5418 Data Processing Errors vulnerability in multiple products
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
network
low complexity
redhat oracle libarchive CWE-19
7.5
2016-09-21 CVE-2016-4809 Improper Input Validation vulnerability in multiple products
The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.
network
low complexity
redhat oracle libarchive CWE-20
7.5
2016-09-16 CVE-2016-6302 Improper Input Validation vulnerability in multiple products
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
network
low complexity
openssl oracle CWE-20
7.5
2016-09-16 CVE-2016-2181 Numeric Errors vulnerability in multiple products
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.
network
low complexity
openssl oracle CWE-189
7.5
2016-09-16 CVE-2016-2179 Resource Management Errors vulnerability in multiple products
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.
network
low complexity
openssl oracle CWE-399
7.5
2016-09-01 CVE-2016-2183 Information Exposure vulnerability in multiple products
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
network
low complexity
redhat python cisco openssl oracle nodejs CWE-200
7.5