Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-20 | CVE-2016-5323 | Divide By Zero vulnerability in multiple products The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. | 7.5 |
| 2017-01-20 | CVE-2014-9755 | Improper Input Validation vulnerability in Viprinet Multichannel VPN Router 300 Firmware 2013070830/2013080900 The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack. | 7.5 |
| 2017-01-20 | CVE-2016-7038 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Moodle In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. | 7.3 |
| 2017-01-20 | CVE-2016-10143 | Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 15.2 A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. | 7.5 |
| 2017-01-19 | CVE-2016-9016 | Improper Access Control vulnerability in Firejail Project Firejail 0.9.38.4 Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | 8.8 |
| 2017-01-19 | CVE-2016-7793 | Improper Access Control vulnerability in Sociomantic Git-Hub sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL. | 8.8 |
| 2017-01-19 | CVE-2016-7545 | Improper Access Control vulnerability in multiple products SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. | 8.8 |
| 2017-01-19 | CVE-2016-7543 | Improper Input Validation vulnerability in multiple products Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables. | 8.4 |
| 2017-01-19 | CVE-2016-10075 | Code vulnerability in Tqdm Project Tqdm 4.10/4.4.1 The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory. | 7.8 |
| 2017-01-19 | CVE-2016-5213 | Use After Free vulnerability in Google Chrome A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |