Skip to main content
CVE-2016-3714 HIGH POC KEV PATCH THREAT Act Now

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

RCE
NVD Exploit-DB VulDB
CVSS 3.1
8.4
EPSS
93.9%
Threat
7.5
CVE-2016-3718 MEDIUM POC KEV PATCH THREAT Act Now

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

SSRF
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
83.8%
Threat
6.6
CVE-2016-3715 MEDIUM POC KEV PATCH THREAT Act Now

The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Path Traversal Information Disclosure
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
77.7%
Threat
6.4
CVE-2016-2107 MEDIUM POC PATCH THREAT This Month

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 80.0%.

OpenSSL Information Disclosure Oracle Enterprise Linux Desktop Enterprise Linux Hpc Node +12
NVD Exploit-DB
CVSS 3.1
5.9
EPSS
80.0%
Threat
5.1
CVE-2016-2106 HIGH Act Now

Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 68.5% and no vendor patch available.

Denial Of Service OpenSSL Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node +5
NVD
CVSS 3.0
7.5
EPSS
68.5%
CVE-2016-2109 HIGH Act Now

The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 59.3% and no vendor patch available.

Denial Of Service OpenSSL Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +4
NVD
CVSS 3.0
7.5
EPSS
59.3%
CVE-2016-2108 CRITICAL Emergency

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.0% and no vendor patch available.

OpenSSL Denial Of Service RCE Buffer Overflow Enterprise Linux Desktop +7
NVD
CVSS 3.0
9.8
EPSS
37.0%
CVE-2016-2105 HIGH PATCH Act Now

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 45.1%.

Integer Overflow Denial Of Service OpenSSL Buffer Overflow Enterprise Linux Desktop +13
NVD
CVSS 3.1
7.5
EPSS
45.1%
CVE-2016-3717 MEDIUM POC PATCH THREAT This Month

The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 33.7%.

Information Disclosure Ubuntu Linux Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +6
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
33.7%
CVE-2016-4535 HIGH POC THREAT Act Now

Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

Denial Of Service Buffer Overflow Livesafe
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
10.4%
CVE-2016-3716 LOW POC PATCH THREAT Monitor

The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.3%.

Privilege Escalation Ubuntu Linux Imagemagick Enterprise Linux Desktop Enterprise Linux Hpc Node +6
NVD Exploit-DB
CVSS 3.0
3.3
EPSS
24.3%
CVE-2016-1387 CRITICAL Act Now

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Telepresence Tc Software
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2016-4351 CRITICAL Act Now

SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro SQLi Email Encryption Gateway
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2016-2176 HIGH This Week

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service Buffer Overflow
NVD
CVSS 3.0
8.2
EPSS
7.8%
CVE-2016-1373 HIGH This Week

The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1),. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco SSRF Finesse
NVD
CVSS 3.0
8.6
EPSS
0.2%
CVE-2016-2168 MEDIUM This Month

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apache Subversion
NVD
CVSS 3.0
6.5
EPSS
7.4%
CVE-2016-2062 HIGH PATCH This Week

The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Google Linux Buffer Overflow +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-1369 HIGH This Week

The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Asa With Firepower Services
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-1368 HIGH This Week

Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Firesight System Software
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-4534 LOW POC PATCH Monitor

The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and. Rated low severity (CVSS 3.0). Public exploit code available.

Privilege Escalation Microsoft Virusscan Enterprise Windows
NVD Exploit-DB
CVSS 3.0
3.0
EPSS
2.4%
CVE-2016-1392 HIGH This Week

Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Prime Collaboration Assurance
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2016-2059 HIGH PATCH This Week

The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android. Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Denial Of Service Google Linux Qualcomm Privilege Escalation +2
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2016-2167 MEDIUM This Month

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apache Authentication Bypass Subversion
NVD
CVSS 3.0
6.8
EPSS
1.0%
CVE-2016-4008 MEDIUM This Month

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Ubuntu Linux Opensuse Libtasn1 Fedora
NVD
CVSS 3.0
5.9
EPSS
5.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy