Skip to main content
CVE-2016-7954 CRITICAL POC PATCH Act Now

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Bundler
NVD GitHub
CVSS 3.0
9.8
EPSS
2.8%
CVE-2016-9180 CRITICAL Act Now

perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Xml Twig For Perl
NVD
CVSS 3.0
9.1
EPSS
0.4%
CVE-2016-9675 HIGH PATCH This Week

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Openjpeg Enterprise Linux +3
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2016-9179 HIGH This Week

lynx: It was found that Lynx doesn't parse the authority component of the URL correctly when the host name part ends with '?', and could instead be tricked into connecting to a different host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lynx
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-9181 HIGH This Week

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Information Disclosure Image Info For Perl
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2016-7091 MEDIUM PATCH This Month

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Red Hat Information Disclosure Enterprise Linux Enterprise Linux Desktop Enterprise Linux Hpc Node +2
NVD
CVSS 3.0
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy