Skip to main content
CVE-2015-8779 CRITICAL Act Now

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Linux Enterprise Debuginfo Opensuse +8
NVD
CVSS 3.0
9.8
EPSS
5.5%
CVE-2015-8778 CRITICAL Act Now

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Fedora Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
5.3%
CVE-2016-3688 MEDIUM POC This Month

SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Information Disclosure Dotcms
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2014-9761 CRITICAL Act Now

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Linux Enterprise Debuginfo Opensuse +7
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2016-2390 MEDIUM This Month

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.3% and no vendor patch available.

Denial Of Service OpenSSL Squid
NVD
CVSS 3.0
5.9
EPSS
21.3%
CVE-2015-8776 CRITICAL Act Now

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Enterprise Debuginfo Opensuse Linux Enterprise Desktop Linux Enterprise Server +6
NVD
CVSS 3.0
9.1
EPSS
4.3%
CVE-2014-9765 HIGH This Week

Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Ubuntu Linux Debian Linux Xdelta3 +1
NVD GitHub
CVSS 3.0
8.8
EPSS
2.5%
CVE-2016-3960 HIGH PATCH This Week

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen Fedora Vm Server
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-0741 HIGH PATCH This Week

slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Enterprise Linux Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +2
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2016-4040 HIGH This Week

SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Dotcms
NVD GitHub
CVSS 3.0
7.2
EPSS
0.4%
CVE-2015-5479 MEDIUM This Month

The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Libav Leap
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2016-3186 MEDIUM This Month

Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Opensuse Libtiff
NVD
CVSS 3.0
6.2
EPSS
0.8%
CVE-2015-1776 MEDIUM PATCH This Month

Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Apache Hadoop
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2015-7511 LOW Monitor

Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Libgcrypt Debian Linux Ubuntu Linux
NVD
CVSS 3.0
2.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy