Skip to main content
CVE-2016-2324 CRITICAL PATCH Act Now

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.1%.

RCE Buffer Overflow Linux Enterprise Debuginfo Openstack Cloud Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
22.1%
CVE-2016-2315 CRITICAL PATCH Act Now

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.7%.

RCE Buffer Overflow Linux Enterprise Debuginfo Openstack Cloud Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
17.7%
CVE-2016-3154 CRITICAL PATCH Act Now

The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Spip
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2016-3153 CRITICAL PATCH Act Now

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE PHP Code Injection Debian Linux Spip
NVD
CVSS 3.0
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy