Skip to main content
CVE-2016-6515 HIGH POC PATCH THREAT Act Now

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.8%.

Denial Of Service SSH Openssh Fedora
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
75.8%
Threat
5.3
CVE-2016-5766 HIGH POC PATCH THREAT Act Now

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

Integer Overflow Denial Of Service PHP Buffer Overflow Openshift +5
NVD GitHub
CVSS 3.0
8.8
EPSS
16.2%
CVE-2016-5096 HIGH POC PATCH This Week

Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service PHP
NVD GitHub
CVSS 3.0
8.6
EPSS
1.6%
CVE-2016-5093 HIGH POC PATCH This Week

The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure PHP Buffer Overflow
NVD GitHub
CVSS 3.0
8.6
EPSS
1.5%
CVE-2013-7456 HIGH POC This Week

gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure PHP Buffer Overflow Libgd
NVD GitHub
CVSS 3.0
7.6
EPSS
1.3%
CVE-2016-6128 HIGH PATCH Act Now

The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.1%.

Denial Of Service PHP Debian Linux Leap Libgd +1
NVD GitHub
CVSS 3.1
7.5
EPSS
12.1%
CVE-2016-5767 HIGH This Week

Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service PHP Buffer Overflow Libgd
NVD GitHub
CVSS 3.0
8.8
EPSS
4.6%
CVE-2016-5094 HIGH This Week

Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service PHP
NVD GitHub
CVSS 3.0
8.6
EPSS
2.4%
CVE-2016-5145 HIGH This Week

Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2016-4029 HIGH PATCH This Week

WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Debian Linux
NVD
CVSS 3.1
8.6
EPSS
1.4%
CVE-2016-6635 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_wp_compression_test function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF WordPress PHP
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-5095 HIGH This Week

Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service PHP
NVD GitHub
CVSS 3.0
8.6
EPSS
1.0%
CVE-2016-1951 HIGH This Week

Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable Runtime (NSPR) before 4.12 allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Buffer Overflow Denial Of Service Netscape Portable Runtime
NVD
CVSS 3.0
8.6
EPSS
0.8%
CVE-2016-5139 HIGH This Week

Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 3.0
7.6
EPSS
1.5%
CVE-2015-0568 HIGH This Week

Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Google Linux +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-2065 HIGH PATCH This Week

sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Google Linux Buffer Overflow +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-2064 HIGH PATCH This Week

sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Google Linux Buffer Overflow +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-2063 HIGH PATCH This Week

Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Google Linux Buffer Overflow Qualcomm +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-5340 HIGH PATCH This Week

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Google Linux Authentication Bypass Android +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-5141 HIGH This Week

Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-5350 HIGH PATCH This Week

epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles unexpected offsets, which allows remote attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-3854 HIGH PATCH This Week

packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Java Authentication Bypass Android
NVD
CVSS 3.0
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy