Skip to main content
CVE-2016-1234 HIGH POC PATCH This Week

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Glibc Leap Opensuse +1
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-3075 HIGH Act Now

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service Buffer Overflow Opensuse Glibc Fedora +1
NVD
CVSS 3.0
7.5
EPSS
10.9%
CVE-2016-2175 HIGH PATCH This Week

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

XXE Apache Pdfbox Debian Linux
NVD
CVSS 3.0
7.8
EPSS
5.9%
CVE-2015-8875 HIGH This Week

Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Gdk Pixbuf Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2016-5126 HIGH PATCH This Week

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Memory Corruption Buffer Overflow RCE Qemu +11
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-3697 HIGH PATCH This Week

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Docker Privilege Escalation Runc Opensuse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-4423 HIGH PATCH This Week

The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service PHP Symfony Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2016-1902 HIGH PATCH This Week

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Debian Linux Symfony
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-4810 HIGH This Week

Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Xenapp Xendesktop
NVD
CVSS 3.0
7.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy