Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-25 | CVE-2016-10041 | Permissions, Privileges, and Access Controls vulnerability in Sprecher-Automation Sprecon-E Service Program 3.42 An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. | 7.5 |
| 2016-12-24 | CVE-2016-10039 | Path Traversal vulnerability in Modx Revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles. | 7.3 |
| 2016-12-24 | CVE-2016-10038 | Path Traversal vulnerability in Modx Revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove. | 7.3 |
| 2016-12-24 | CVE-2016-10037 | Path Traversal vulnerability in Modx Revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist. | 7.3 |
| 2016-12-23 | CVE-2016-9037 | Out-of-bounds Read vulnerability in Tarantool 1.7.2 An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. | 7.5 |
| 2016-12-23 | CVE-2016-9036 | Out-of-bounds Read vulnerability in Tarantool Msgpuck 1.0.3 An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. | 7.5 |
| 2016-12-23 | CVE-2016-8707 | Out-of-bounds Write vulnerability in multiple products An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. | 7.8 |
| 2016-12-23 | CVE-2016-7967 | Improper Access Control vulnerability in KDE Kmail KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. | 8.1 |
| 2016-12-23 | CVE-2016-7966 | Code Injection vulnerability in multiple products Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. | 7.3 |
| 2016-12-23 | CVE-2016-9154 | Insufficient Entropy in PRNG vulnerability in Siemens products Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All firmware versions < V6.00.046) use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key. | 7.5 |