Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-30 | CVE-2016-6266 | Improper Input Validation vulnerability in Trendmicro Smart Protection Server 2.5/2.6/3.0: ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action. | 8.8 |
2017-01-30 | CVE-2016-6167 | Untrusted Search Path vulnerability in Putty 0.67: Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory. | 7.8 |
2017-01-30 | CVE-2016-2399 | Integer Overflow or Wraparound vulnerability in Libquicktime 1.2.4: Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom. | 7.8 |
2017-01-30 | CVE-2016-10087 | NULL Pointer Dereference vulnerability in Libpng: The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. | 7.5 |
2017-01-30 | CVE-2015-2181 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Roundcube Webmail: Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username. | 8.8 |
2017-01-30 | CVE-2015-2180 | Injection vulnerability in Roundcube Webmail: The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. | 8.8 |
2017-01-30 | CVE-2016-9939 | Improper Input Validation vulnerability in multiple products: Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. | 7.5 |
2017-01-30 | CVE-2016-7544 | Resource Management Errors vulnerability in Cryptopp Crypto++ 5.6.4: Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. | 7.5 |
2017-01-30 | CVE-2015-7979 | Data Processing Errors vulnerability in NTP: NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. | 7.5 |
2017-01-30 | CVE-2015-7978 | Resource Exhaustion vulnerability in NTP: NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. | 7.5 |