Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-12-13 CVE-2016-7945 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.
network
low complexity
fedoraproject x-org CWE-190
7.5
2016-12-13 CVE-2016-6706 Permissions, Privileges, and Access Controls vulnerability in Google Android
An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process.
local
low complexity
google CWE-264
7.8
2016-12-13 CVE-2016-6699 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.
local
low complexity
google CWE-119
7.8
2016-12-13 CVE-2016-5647 Permissions, Privileges, and Access Controls vulnerability in Intel Graphics Driver
The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash) or gain privileges via a crafted D3DKMTEscape request.
local
low complexity
intel CWE-264
7.8
2016-12-13 CVE-2015-3418 Divide By Zero vulnerability in X.Org Xorg-Server
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
network
low complexity
x-org CWE-369
7.5
2016-12-13 CVE-2015-3217 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
network
low complexity
pcre ibm CWE-119
7.5
2016-12-13 CVE-2016-6491 Out-of-bounds Read vulnerability in multiple products
Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read, memory leak, and crash) via a crafted image.
network
low complexity
imagemagick oracle CWE-125
8.8
2016-12-13 CVE-2016-5842 Out-of-bounds Read vulnerability in multiple products
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
network
low complexity
imagemagick oracle CWE-125
7.5
2016-12-13 CVE-2016-5688 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
network
high complexity
oracle imagemagick CWE-119
8.1
2016-12-12 CVE-2016-9937 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk
An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1.
network
low complexity
digium CWE-119
7.5