Skip to main content
CVE-2016-2182 CRITICAL Act Now

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 29.2% and no vendor patch available.

OpenSSL Denial Of Service Memory Corruption Buffer Overflow Icewall Federation Agent +4
NVD
CVSS 3.0
9.8
EPSS
29.2%
CVE-2016-6303 CRITICAL PATCH Act Now

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.2%.

OpenSSL Denial Of Service Memory Corruption Buffer Overflow Node Js
NVD
CVSS 3.1
9.8
EPSS
26.2%
CVE-2016-2181 HIGH Act Now

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.3% and no vendor patch available.

Denial Of Service OpenSSL Linux
NVD
CVSS 3.0
7.5
EPSS
24.3%
CVE-2016-2179 HIGH Act Now

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.3% and no vendor patch available.

Denial Of Service OpenSSL Linux
NVD
CVSS 3.0
7.5
EPSS
18.3%
CVE-2016-4263 CRITICAL Act Now

Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Memory Corruption RCE Use After Free Digital Editions
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2016-4262 CRITICAL Act Now

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Buffer Overflow RCE Digital Editions
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-4261 CRITICAL Act Now

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Buffer Overflow RCE Digital Editions
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-4260 CRITICAL Act Now

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Buffer Overflow RCE Digital Editions
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-4259 CRITICAL Act Now

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Buffer Overflow RCE Digital Editions
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-4258 CRITICAL Act Now

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Buffer Overflow RCE Digital Editions
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-4257 CRITICAL Act Now

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Buffer Overflow RCE Digital Editions
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-4256 CRITICAL Act Now

Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4257,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Buffer Overflow RCE Digital Editions
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-6302 HIGH PATCH Act Now

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.4%.

Denial Of Service OpenSSL Linux Solaris
NVD
CVSS 3.0
7.5
EPSS
10.4%
CVE-2016-6936 HIGH This Week

Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Google Information Disclosure Microsoft Air Sdk Compiler
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2016-7420 MEDIUM PATCH This Month

Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Crypto
NVD GitHub
CVSS 3.0
5.9
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy