Skip to main content
CVE-2016-8707 HIGH POC This Week

An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Imagemagick Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2016-9037 HIGH POC This Week

An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Tarantool
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2016-9036 HIGH POC This Week

An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Msgpuck
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2016-6659 HIGH This Week

Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Cloud Foundry Uaa Bosh Cloud Foundry Cloud Foundry Uaa
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-7967 HIGH This Week

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Kmail
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-6671 HIGH This Week

The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Ffmpeg
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2016-7502 HIGH This Week

The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Ffmpeg
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-7450 HIGH This Week

The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Ffmpeg
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-9154 HIGH This Week

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Desigo Web Module Pxa30 W0 Firmware Desigo Web Module Pxa30 W1 Firmware Desigo Web Module Pxa30 W2 Firmware +3
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-7966 HIGH This Week

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Kmail Debian Linux Fedora +1
NVD
CVSS 3.0
7.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy