Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-08 | CVE-2016-9917 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Bluez 5.42 In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. | 7.5 |
| 2016-12-08 | CVE-2016-9839 | Information Exposure vulnerability in Osgeo Mapserver In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails. | 7.5 |
| 2016-12-08 | CVE-2016-8655 | Use After Free vulnerability in multiple products Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. | 7.8 |
| 2016-12-06 | CVE-2015-8870 | Integer Overflow or Wraparound vulnerability in Libtiff Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file. | 7.4 |
| 2016-12-05 | CVE-2016-8740 | Resource Management Errors vulnerability in Apache Http Server The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request. | 7.5 |
| 2016-12-05 | CVE-2016-9156 | Improper Access Control vulnerability in Siemens Sicam Pas/Pqs A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP. | 7.3 |
| 2016-12-02 | CVE-2016-9638 | Permissions, Privileges, and Access Controls vulnerability in BMC Patrol 9.13.10.01 In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. | 7.8 |
| 2016-12-02 | CVE-2016-9479 | Credentials Management vulnerability in B2Evolution The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request. | 7.5 |
| 2016-12-01 | CVE-2016-9752 | Server-Side Request Forgery (SSRF) vulnerability in S9Y Serendipity In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | 8.6 |
| 2016-12-01 | CVE-2016-3055 | XXE vulnerability in IBM Filenet Workplace 4.0.2 IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 8.1 |