Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-10-03 | CVE-2016-7401 | 7PK - Security Features vulnerability in multiple products. The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. | 7.5 |
2016-10-03 | CVE-2016-7031 | 7PK - Security Features vulnerability in multiple products. The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. | 7.5 |
2016-10-03 | CVE-2016-6352 | Out-of-bounds Write vulnerability in multiple products. The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | 7.5 |
2016-10-03 | CVE-2016-1244 | Improper Input Validation vulnerability in multiple products. The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file. | 8.8 |
2016-10-03 | CVE-2016-7445 | NULL Pointer Dereference vulnerability in multiple products. convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. | 7.5 |
2016-10-03 | CVE-2016-3658 | Out-of-bounds Read vulnerability in Libtiff. The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. | 7.5 |
2016-10-03 | CVE-2016-3634 | Out-of-bounds Read vulnerability in Libtiff. The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching. | 7.5 |
2016-10-03 | CVE-2016-3633 | Out-of-bounds Read vulnerability in Libtiff. The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. | 7.5 |
2016-10-03 | CVE-2016-3631 | Out-of-bounds Read vulnerability in Libtiff. The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable. | 7.5 |
2016-10-03 | CVE-2016-3624 | Out-of-bounds Write vulnerability in Libtiff. The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. | 7.5 |