Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-13 | CVE-2016-9811 | Out-of-bounds Read vulnerability in multiple products The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | 4.7 |
| 2017-01-13 | CVE-2016-9810 | Out-of-bounds Read vulnerability in Gstreamer 1.10.1 The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call. | 5.5 |
| 2017-01-13 | CVE-2016-9807 | Out-of-bounds Read vulnerability in Gstreamer 1.10.1 The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. | 5.5 |
| 2017-01-13 | CVE-2016-9311 | NULL Pointer Dereference vulnerability in NTP 4.2.4/4.2.7/4.2.8 ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. | 5.9 |
| 2017-01-13 | CVE-2016-9310 | Resource Exhaustion vulnerability in NTP 4.2.4/4.2.7/4.2.8 The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. | 6.5 |
| 2017-01-13 | CVE-2016-8883 | Resource Management Errors vulnerability in Jasper Project Jasper The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. | 5.5 |
| 2017-01-13 | CVE-2016-8882 | NULL Pointer Dereference vulnerability in Jasper Project Jasper The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. | 5.5 |
| 2017-01-13 | CVE-2016-8671 | Information Exposure vulnerability in Matrixssl The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. | 5.9 |
| 2017-01-13 | CVE-2016-8467 | Permissions, Privileges, and Access Controls vulnerability in Google Android An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. | 5.5 |
| 2017-01-13 | CVE-2016-7433 | Incorrect Calculation vulnerability in NTP 4.2.4/4.2.7/4.2.8 NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." | 5.3 |