Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-03 | CVE-2016-8278 | Improper Input Validation vulnerability in Huawei Usg9520, Usg9560 and Usg9580 Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL. | 7.5 |
| 2016-10-03 | CVE-2016-7141 | Improper Authentication vulnerability in multiple products curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | 7.5 |
| 2016-10-03 | CVE-2013-4119 | NULL Pointer Dereference vulnerability in Freerdp 1.0.0/1.0.1/1.0.2 FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished. | 7.5 |
| 2016-10-03 | CVE-2013-4118 | NULL Pointer Dereference vulnerability in multiple products FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | 7.5 |
| 2016-10-03 | CVE-2016-7401 | 7PK - Security Features vulnerability in multiple products The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. | 7.5 |
| 2016-10-03 | CVE-2016-7031 | 7PK - Security Features vulnerability in multiple products The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. | 7.5 |
| 2016-10-03 | CVE-2016-6352 | Out-of-bounds Write vulnerability in multiple products The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. | 7.5 |
| 2016-10-03 | CVE-2016-1244 | Improper Input Validation vulnerability in multiple products The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file. | 8.8 |
| 2016-10-03 | CVE-2016-7445 | NULL Pointer Dereference vulnerability in multiple products convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. | 7.5 |
| 2016-10-03 | CVE-2016-3658 | Out-of-bounds Read vulnerability in Libtiff The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. | 7.5 |