Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-13 | CVE-2016-8882 | NULL Pointer Dereference vulnerability in Jasper Project Jasper The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | 5.5 |
| 2017-01-13 | CVE-2016-8671 | Information Exposure vulnerability in Matrixssl The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. | 5.9 |
| 2017-01-13 | CVE-2016-8467 | Permissions, Privileges, and Access Controls vulnerability in Google Android An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. | 5.5 |
| 2017-01-13 | CVE-2016-7433 | Incorrect Calculation vulnerability in NTP 4.2.4/4.2.7/4.2.8 NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." | 5.3 |
| 2017-01-13 | CVE-2016-7431 | Improper Input Validation vulnerability in NTP 4.2.8 NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. | 5.3 |
| 2017-01-13 | CVE-2016-7428 | Resource Exhaustion vulnerability in NTP 4.2.8 ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. | 4.3 |
| 2017-01-13 | CVE-2016-7427 | Resource Exhaustion vulnerability in NTP 4.2.8 The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. | 4.3 |
| 2017-01-13 | CVE-2016-6887 | Information Exposure vulnerability in Matrixssl The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack. | 5.9 |
| 2017-01-13 | CVE-2017-3890 | Cross-site Scripting vulnerability in Blackberry Appliance-X and Workspaces Vapp A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link. | 6.1 |
| 2017-01-13 | CVE-2016-10135 | Information Exposure vulnerability in LG Mobile An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. | 5.5 |