Skip to main content
CVE-2016-6374 CRITICAL Act Now

Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Cloud Services Platform 2100
NVD
CVSS 3.1
9.8
EPSS
5.6%
CVE-2016-6525 CRITICAL PATCH Act Now

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Debian Linux Mupdf
NVD
CVSS 3.0
9.8
EPSS
5.4%
CVE-2016-5270 CRITICAL Act Now

Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2016-6406 CRITICAL Act Now

Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Email Security Appliance Firmware
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2016-5281 CRITICAL Act Now

Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Mozilla RCE Use After Free Firefox
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-5280 CRITICAL Act Now

Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Mozilla RCE Use After Free Firefox
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2016-5274 CRITICAL Act Now

Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Mozilla RCE Use After Free Firefox
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2016-5277 CRITICAL Act Now

Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Mozilla Buffer Overflow +2
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2016-5276 CRITICAL Act Now

Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Mozilla Buffer Overflow +2
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-5256 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2016-5257 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2016-6265 MEDIUM POC This Month

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Mupdf Leap +1
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-5275 HIGH This Week

Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2016-5278 HIGH This Week

Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2016-5273 HIGH This Week

The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Authentication Bypass Firefox
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-5272 HIGH This Week

The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Firefox
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-5283 HIGH This Week

Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-6340 HIGH This Week

The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Quickstart Cloud Installer
NVD
CVSS 3.0
8.4
EPSS
0.1%
CVE-2016-6322 HIGH This Week

Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Quickstart Cloud Installer
NVD
CVSS 3.0
8.4
EPSS
0.0%
CVE-2016-6669 HIGH This Week

Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Buffer Overflow Huawei Usg2100 Firmware Usg2200 Firmware +2
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2016-6414 HIGH This Week

iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 and earlier, allows local users to execute arbitrary IOx Linux commands on the guest OS via crafted iox command-line options,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Apple Cisco iOS
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-5247 HIGH This Week

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Lenovo Bios
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5284 HIGH This Week

Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.4
EPSS
0.5%
CVE-2016-6373 HIGH This Week

The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco Cloud Services Platform 2100
NVD
CVSS 3.0
7.2
EPSS
0.8%
CVE-2016-2827 MEDIUM This Month

The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a Content Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Mozilla Buffer Overflow Firefox
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-5271 MEDIUM This Month

The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via text runs in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Mozilla Buffer Overflow Firefox
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-5282 MEDIUM This Month

Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2014-2146 MEDIUM This Month

The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass iOS Ios Xe
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-6824 MEDIUM This Month

Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with software before V200R006C10SPC200 allows remote authenticated users to cause a denial of service (device restart) via crafted CAPWAP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Ac6003 Firmware Ac6005 Firmware Ac6605 Firmware +1
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-5279 MEDIUM This Month

Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy