Skip to main content
CVE-2016-7415 CRITICAL POC Act Now

Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow International Components For Unicode
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2016-7417 CRITICAL POC PATCH Act Now

ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2016-7414 CRITICAL POC PATCH Act Now

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2016-7413 CRITICAL POC PATCH Act Now

Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption PHP Denial Of Service Use After Free
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2016-7411 CRITICAL POC PATCH Act Now

ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Denial Of Service PHP Buffer Overflow
NVD GitHub
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-6938 CRITICAL Act Now

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Microsoft Adobe +4
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-6937 CRITICAL Act Now

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-5843 CRITICAL PATCH Act Now

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Faq
NVD GitHub
CVSS 3.0
9.4
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy