Skip to main content
CVE-2016-7124 CRITICAL POC PATCH THREAT Act Now

ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.7%.

Deserialization Denial Of Service PHP
NVD GitHub
CVSS 3.0
9.8
EPSS
74.7%
Threat
5.7
CVE-2016-7126 CRITICAL POC PATCH Act Now

The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption PHP Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
4.6%
CVE-2016-7132 HIGH POC PATCH THREAT Act Now

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.9%.

Denial Of Service PHP Null Pointer Dereference
NVD GitHub
CVSS 3.1
7.5
EPSS
14.9%
CVE-2016-7127 CRITICAL POC PATCH Act Now

The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption PHP Buffer Overflow
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2016-7129 CRITICAL POC PATCH Act Now

The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-7131 HIGH POC PATCH This Week

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Null Pointer Dereference
NVD GitHub
CVSS 3.1
7.5
EPSS
6.4%
CVE-2016-7133 HIGH POC PATCH This Week

Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Integer Overflow Denial Of Service PHP
NVD GitHub
CVSS 3.0
8.1
EPSS
0.7%
CVE-2016-7130 HIGH POC PATCH This Week

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Null Pointer Dereference
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2016-7125 HIGH POC PATCH This Week

ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Code Injection
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-7134 CRITICAL PATCH Act Now

ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service PHP Buffer Overflow
NVD GitHub
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-7128 MEDIUM POC PATCH This Month

The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure
NVD GitHub
CVSS 3.0
5.3
EPSS
2.2%
CVE-2016-6394 CRITICAL Act Now

Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Firesight System Software
NVD
CVSS 3.0
9.1
EPSS
0.3%
CVE-2016-6371 HIGH This Week

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Hosted Collaboration Mediation Fulfillment
NVD
CVSS 3.0
7.5
EPSS
7.3%
CVE-2016-1469 HIGH This Week

The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Spa300 Firmware Spa500 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2016-6399 HIGH This Week

Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Ace Application Control Engine Module A1 Ace Application Control Engine Module A3 Ace Application Control Engine Module A4 +6
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-4852 MEDIUM This Month

YoruFukurou (NightOwl) before 2.85 relies on support for emoji skin-tone modifiers even though this support is missing from the CoreText CTFramesetter API on OS X 10.9, which allows remote attackers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yorufukurou
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2016-5954 MEDIUM PATCH This Month

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF30, 8.0.0 through 8.0.0.1 CF21, and 8.5.0 before CF12 allows remote authenticated users to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Authentication Bypass Websphere Portal
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-5927 MEDIUM PATCH This Month

IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x before 6.3.2.6, 6.4.x before 6.4.3.3, and 7.1.x before 7.1.6, when certain dsmsetpw tracing is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Storage Manager For Space Management
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6395 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Firesight System Software
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0331 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Rational Collaborative Lifecycle Management Rational Team Concert
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-6396 MEDIUM This Month

Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain malware blocking options are enabled, allow remote attackers to bypass malware detection via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Firesight System Software
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-6375 MEDIUM This Month

Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow remote attackers to cause a denial of service (device reload) by. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Cisco Denial Of Service Wireless Lan Controller Software Wireless Lan Controller Software 6 0 Wireless Lan Controller Software 7 0 +3
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-6398 MEDIUM This Month

The PPTP server in Cisco IOS 15.5(3)M does not properly initialize packet buffers, which allows remote attackers to obtain sensitive information from earlier network communication by reading packet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-6370 MEDIUM This Month

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Hosted Collaboration Mediation Fulfillment
NVD
CVSS 3.0
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy