Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-12-23 | CVE-2016-7450 | Out-of-bounds Read vulnerability in Ffmpeg. The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. | 7.8 |
2016-12-23 | CVE-2016-6671 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg. The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. | 7.8 |
2016-12-23 | CVE-2016-6659 | Improper Authentication vulnerability in multiple products. Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider. | 8.1 |
2016-12-22 | CVE-2016-9675 | Out-of-bounds Write vulnerability in multiple products. openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. | 7.8 |
2016-12-22 | CVE-2016-9181 | XXE vulnerability in Image-Info Project Image-Info for Perl 1.16/1.30. perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. | 7.1 |
2016-12-22 | CVE-2016-9179 | Improper Input Validation vulnerability in Lynx. lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. | 7.5 |
2016-12-21 | CVE-2016-7172 | Information Exposure vulnerability in Netapp Snap Creator Framework. NetApp Snap Creator Framework before 4.3.1 discloses sensitive information which could be viewed by an unauthorized user. | 7.5 |
2016-12-21 | CVE-2016-5851 | XXE vulnerability in Python-Openxml Project Python-Docx. python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. | 8.8 |
2016-12-21 | CVE-2016-2349 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in BMC Remedy Action Request System 8.1/9.0/9.1. Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 allows attackers to reset arbitrary passwords via a blank previous password. | 7.5 |
2016-12-20 | CVE-2016-7300 | Untrusted Search Path vulnerability in Microsoft Auto Updater for mac. Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability." | 7.8 |