Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-28 | CVE-2016-2776 | Improper Input Validation vulnerability in multiple products buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | 7.5 |
| 2016-09-27 | CVE-2016-7444 | Permissions, Privileges, and Access Controls vulnerability in GNU Gnutls The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. | 7.5 |
| 2016-09-27 | CVE-2016-7045 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. | 7.5 |
| 2016-09-27 | CVE-2016-7044 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. | 7.5 |
| 2016-09-27 | CVE-2016-4978 | Deserialization of Untrusted Data vulnerability in multiple products The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath. | 7.2 |
| 2016-09-26 | CVE-2016-7052 | NULL Pointer Dereference vulnerability in multiple products crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. | 7.5 |
| 2016-09-26 | CVE-2016-6305 | Improper Input Validation vulnerability in Openssl 1.1.0 The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. | 7.5 |
| 2016-09-26 | CVE-2016-6304 | Memory Leak vulnerability in multiple products Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. | 7.5 |
| 2016-09-26 | CVE-2016-6142 | Unspecified vulnerability in SAP Hana 1.00.73.00.389160 SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. | 7.5 |
| 2016-09-26 | CVE-2016-7162 | Improper Input Validation vulnerability in multiple products The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. | 7.5 |