Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2016-7037 | 7PK - Time and State vulnerability in JWT Project JWT The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack. | 7.5 |
| 2017-01-23 | CVE-2016-6920 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. | 7.5 |
| 2017-01-23 | CVE-2016-6668 | Information Exposure vulnerability in Atlassian Confluence Server and Jira Integration for Hipchat The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. | 7.5 |
| 2017-01-23 | CVE-2016-6601 | Path Traversal vulnerability in Zohocorp Webnms Framework 5.2 Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2017-01-23 | CVE-2016-6521 | Cross-Site Request Forgery (CSRF) vulnerability in Gopivotal Grails 1.5.9/2.0.6 Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors. | 8.8 |
| 2017-01-23 | CVE-2016-6160 | Resource Management Errors vulnerability in Broadcom Tcpreplay tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266. | 7.5 |
| 2017-01-23 | CVE-2016-5720 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Skype Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory. | 7.8 |
| 2017-01-23 | CVE-2016-5697 | XML Injection (aka Blind XPath Injection) vulnerability in Onelogin Ruby-Saml Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors. | 7.5 |
| 2017-01-23 | CVE-2016-5119 | Improper Input Validation vulnerability in Keepass The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update. | 7.5 |
| 2017-01-23 | CVE-2016-5091 | 7PK - Security Features vulnerability in Typo3 Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. | 8.1 |