Skip to main content
CVE-2010-5326 CRITICAL POC KEV THREAT Emergency

Remote unauthenticated code execution in SAP NetWeaver Application Server Java (pre-7.3) through the Invoker Servlet allows attackers to bypass authentication and execute arbitrary code. Confirmed actively exploited (CISA KEV) from 2013 through 2016 in 'Detour' attacks targeting SAP business applications. CVSS 10.0 with EPSS 16.90% (95th percentile) indicates both maximum theoretical severity and sustained real-world exploitation. This remains a critical priority for organizations running legacy SAP NetWeaver Java instances despite the vulnerability's age.

Java SAP Authentication Bypass RCE
NVD VulDB
CVSS 3.1
10.0
EPSS
16.9%
Threat
6.0
CVE-2016-2195 CRITICAL Act Now

Integer overflow in the PointGFp constructor in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to overwrite memory and possibly execute arbitrary code via a crafted ECC point,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.

RCE Buffer Overflow Botan Debian Linux
NVD
CVSS 3.0
9.8
EPSS
10.6%
CVE-2016-4024 CRITICAL PATCH Act Now

Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Imlib2 Debian Linux Opensuse
NVD
CVSS 3.0
9.8
EPSS
9.6%
CVE-2016-2196 CRITICAL Act Now

Heap-based buffer overflow in the P-521 reduction function in Botan 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (memory overwrite and crash) or execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Botan
NVD
CVSS 3.0
9.8
EPSS
4.6%
CVE-2016-1578 CRITICAL Act Now

Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Ubuntu Linux Oxide
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2016-2099 CRITICAL Act Now

Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Xerces C Opensuse
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2016-1580 CRITICAL Act Now

The setup_snappy_os_mounts function in the ubuntu-core-launcher package before 1.0.27.1 improperly determines the mount point of bind mounts when using snaps, which might allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ubuntu Ubuntu Core Launcher
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2016-3994 HIGH PATCH This Week

The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Debian Linux Imlib2
NVD
CVSS 3.0
8.2
EPSS
1.0%
CVE-2014-9762 HIGH This Week

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imlib2 Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2014-9763 HIGH This Week

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Imlib2
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2016-2194 HIGH This Week

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service (infinite loop) via unspecified input to the OS2ECP function, related to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Botan
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2014-9764 HIGH This Week

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Imlib2
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2015-8312 HIGH This Week

Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openafs Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2014-9771 HIGH This Week

Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Imlib2 Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-3993 HIGH This Week

Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Imlib2 Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2015-5726 HIGH This Week

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Botan Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-5727 HIGH This Week

The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Botan Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-2849 HIGH This Week

Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Debian Linux Fedora Botan
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2015-7827 HIGH This Week

Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fedora Botan Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-2850 HIGH This Week

Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fedora Botan
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2014-9742 HIGH This Week

The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Botan
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-2860 MEDIUM This Month

The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Openafs Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2015-8099 MEDIUM This Month

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Wan Optimization Manager Big Ip Application Security Manager Big Ip Link Controller +17
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2016-4536 MEDIUM This Month

The client in OpenAFS before 1.6.17 does not properly initialize the (1) AFSStoreStatus, (2) AFSStoreVolumeStatus, (3) VldbListByAttributes, and (4) ListAddrByAttributes structures, which might allow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openafs
NVD
CVSS 3.0
5.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy