Skip to main content
CVE-2016-6664 HIGH POC PATCH THREAT Act Now

mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and. Rated high severity (CVSS 7.0). Public exploit code available and EPSS exploitation probability 54.4%.

Information Disclosure Oracle MySQL MariaDB Percona Server +1
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
54.4%
Threat
4.5
CVE-2016-5841 CRITICAL POC PATCH THREAT Act Now

Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

Integer Overflow RCE Denial Of Service Imagemagick Solaris
NVD GitHub
CVSS 3.0
9.8
EPSS
23.0%
Threat
4.1
CVE-2016-2334 HIGH POC PATCH THREAT Act Now

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.3%.

RCE Buffer Overflow 7 Zip Fedora Solaris
NVD
CVSS 3.0
7.8
EPSS
16.3%
CVE-2015-3210 CRITICAL POC Act Now

Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Pcre2 Pcre
NVD
CVSS 3.1
9.8
EPSS
5.7%
CVE-2016-5689 CRITICAL POC PATCH Act Now

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of NULL pointer checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Solaris Imagemagick
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2016-5690 CRITICAL POC PATCH Act Now

The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact via vectors involving the for statement in computing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Solaris Imagemagick
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2016-5691 CRITICAL POC PATCH Act Now

The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have unspecified impact by leveraging lack of validation of (1) pixel.red, (2) pixel.green, and (3). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Solaris Imagemagick
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2015-5073 CRITICAL POC Act Now

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Powerkvm Pcre
NVD
CVSS 3.0
9.1
EPSS
0.5%
CVE-2016-6491 HIGH POC PATCH This Week

Buffer overflow in the Get8BIMProperty function in MagickCore/property.c in ImageMagick before 6.9.5-4 and 7.x before 7.0.2-6 allows remote attackers to cause a denial of service (out-of-bounds read,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow Imagemagick Solaris
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-5647 HIGH POC PATCH This Week

The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Intel Privilege Escalation Denial Of Service Microsoft Graphics Driver
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5842 HIGH POC PATCH This Week

MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Imagemagick Solaris
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2016-6663 HIGH POC PATCH This Week

Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Information Disclosure Oracle MySQL Percona Server +2
NVD GitHub Exploit-DB
CVSS 3.0
7.0
EPSS
3.4%
CVE-2015-3217 HIGH POC PATCH This Week

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Pcre2 Pcre Powerkvm
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-7949 CRITICAL Act Now

Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libxrender Fedora
NVD
CVSS 3.0
9.8
EPSS
4.8%
CVE-2016-7942 CRITICAL Act Now

The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Fedora Libx11
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2016-7943 CRITICAL Act Now

The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fedora Libx11
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2016-7948 CRITICAL Act Now

X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Libxrandr Fedora
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2016-7947 CRITICAL Act Now

Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Fedora Libxrandr
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2016-4322 CRITICAL Act Now

BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bladelogic Server Automation Console
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2016-5407 CRITICAL PATCH Act Now

The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libxv Fedora
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2016-7953 CRITICAL Act Now

Buffer underflow in X.org libXvMC before 1.0.10 allows remote X servers to have unspecified impact via an empty string. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fedora Libxvmc
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-5687 CRITICAL Act Now

The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Imagemagick Solaris
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-7950 CRITICAL Act Now

The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Libxrender Fedora
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-7951 CRITICAL Act Now

Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Fedora Libxtst
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2016-7944 CRITICAL Act Now

Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Libxfixes Fedora
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-6520 CRITICAL PATCH Act Now

Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.1
9.1
EPSS
3.4%
CVE-2016-5688 HIGH PATCH This Week

The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Solaris Imagemagick
NVD GitHub
CVSS 3.0
8.1
EPSS
2.2%
CVE-2016-6699 HIGH PATCH This Week

A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-6706 HIGH PATCH This Week

An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-7945 HIGH This Week

Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Fedora Libxi
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-7946 HIGH This Week

X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Libxi Fedora
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-7952 HIGH This Week

X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fedora Libxtst
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-3418 HIGH This Week

The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service X Server
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-5060 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ngrinder
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-6313 MEDIUM This Month

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libgcrypt Debian Linux Ubuntu Linux Gnupg
NVD
CVSS 3.0
5.3
EPSS
3.2%
CVE-2016-6711 MEDIUM PATCH This Month

A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-6712 MEDIUM PATCH This Month

A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-7439 MEDIUM This Month

The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Wolfssl
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-7438 MEDIUM This Month

The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Wolfssl
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6720 MEDIUM PATCH This Month

An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6722 MEDIUM PATCH This Month

An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-7440 MEDIUM PATCH This Month

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure MariaDB MySQL Wolfssl Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy