Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-09 | CVE-2017-5841 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer: The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags. | 7.5 |
2017-02-09 | CVE-2017-5840 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer: The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index. | 7.5 |
2017-02-09 | CVE-2017-5839 | Uncontrolled Recursion vulnerability in Gstreamer Project Gstreamer: The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. | 7.5 |
2017-02-09 | CVE-2017-5838 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer: The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string. | 7.5 |
2017-02-09 | CVE-2016-9244 | Information Exposure vulnerability in F5 products: A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. | 7.5 |
2017-02-09 | CVE-2016-8494 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Connect: Insufficient verification of uploaded files allows attackers with webui administrator privileges to perform arbitrary code execution by uploading a new webui theme. | 7.2 |
2017-02-09 | CVE-2016-6173 | Resource Management Errors vulnerability in Nlnetlabs NSD: NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. | 7.5 |
2017-02-09 | CVE-2016-6171 | Resource Exhaustion vulnerability in Knot-Dns Knot DNS 2.1.1/2.2.0/2.2.1: Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. | 8.6 |
2017-02-09 | CVE-2016-5727 | Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1: LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. | 8.8 |
2017-02-09 | CVE-2016-4986 | Path Traversal vulnerability in Jenkins TAP: Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. | 7.5 |