Skip to main content
CVE-2016-8707 HIGH POC This Week

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Imagemagick Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2016-9037 HIGH POC This Week

An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Tarantool
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2016-9036 HIGH POC This Week

An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Msgpuck
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2016-6659 HIGH This Week

Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Uaa
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-7967 HIGH This Week

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Kmail
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-6671 HIGH This Week

The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Ffmpeg
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2016-7502 HIGH This Week

The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Ffmpeg
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-7450 HIGH This Week

The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Ffmpeg
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-9154 HIGH This Week

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Desigo Web Module Pxa30 W0 Firmware Desigo Web Module Pxa30 W1 Firmware Desigo Web Module Pxa30 W2 Firmware +3
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-7966 HIGH This Week

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Kmail Debian Linux Fedora +1
NVD
CVSS 3.0
7.3
EPSS
0.3%
CVE-2016-2312 MEDIUM This Month

Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kscreenlocker Plasma Workspace Fedora Leap
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-7968 MEDIUM This Month

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Kmail
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-9911 MEDIUM PATCH This Month

Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Qemu Debian Linux Openstack Virtualization
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2016-9907 MEDIUM PATCH This Month

Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Qemu Debian Linux Openstack Virtualization
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2016-9912 MEDIUM PATCH This Month

Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Qemu
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-9921 MEDIUM PATCH This Month

Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux Openstack Virtualization
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2016-9889 MEDIUM This Month

Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-7562 MEDIUM This Month

The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-7905 MEDIUM This Month

The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-6881 MEDIUM This Month

The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-7555 MEDIUM This Month

The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-7785 MEDIUM This Month

The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-8595 MEDIUM This Month

The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-9561 MEDIUM This Month

The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-7122 MEDIUM This Month

The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffmpeg
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-9923 MEDIUM PATCH This Month

Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Memory Corruption Denial Of Service Use After Free Qemu
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2016-6910 MEDIUM This Month

The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-7787 MEDIUM PATCH This Month

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Kde Cli Tools Leap Opensuse
NVD
CVSS 3.0
4.9
EPSS
0.5%
CVE-2016-9908 LOW PATCH Monitor

Quick Emulator (Qemu) built with the Virtio GPU Device emulator support is vulnerable to an information leakage issue. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Qemu
NVD
CVSS 3.1
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy