Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-01-13 CVE-2016-9811 Out-of-bounds Read vulnerability in multiple products
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
local
high complexity
gstreamer fedoraproject debian redhat CWE-125
4.7
2017-01-13 CVE-2016-9810 Out-of-bounds Read vulnerability in Gstreamer 1.10.1
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.
local
low complexity
gstreamer CWE-125
5.5
2017-01-13 CVE-2016-9807 Out-of-bounds Read vulnerability in Gstreamer 1.10.1
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.
local
low complexity
gstreamer CWE-125
5.5
2017-01-13 CVE-2016-9311 NULL Pointer Dereference vulnerability in NTP 4.2.4/4.2.7/4.2.8
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
network
high complexity
ntp CWE-476
5.9
2017-01-13 CVE-2016-9310 Resource Exhaustion vulnerability in NTP 4.2.4/4.2.7/4.2.8
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
network
low complexity
ntp CWE-400
6.5
2017-01-13 CVE-2016-8883 Resource Management Errors vulnerability in Jasper Project Jasper
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
local
low complexity
jasper-project CWE-399
5.5
2017-01-13 CVE-2016-8882 NULL Pointer Dereference vulnerability in Jasper Project Jasper
The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
local
low complexity
jasper-project CWE-476
5.5
2017-01-13 CVE-2016-8671 Information Exposure vulnerability in Matrixssl
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors.
network
high complexity
matrixssl CWE-200
5.9
2017-01-13 CVE-2016-8467 Permissions, Privileges, and Access Controls vulnerability in Google Android
An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device.
local
low complexity
google CWE-264
5.5
2017-01-13 CVE-2016-7433 Incorrect Calculation vulnerability in NTP 4.2.4/4.2.7/4.2.8
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
network
low complexity
ntp CWE-682
5.3