Skip to main content
CVE-2016-8706 HIGH POC THREAT Act Now

An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 51.8%.

Integer Overflow RCE Memcached
NVD
CVSS 3.0
8.1
EPSS
51.8%
Threat
4.7
CVE-2016-8704 CRITICAL POC THREAT Emergency

An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.3%.

Integer Overflow RCE Memcached
NVD
CVSS 3.0
9.8
EPSS
14.3%
CVE-2016-8705 CRITICAL POC THREAT Emergency

Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

Integer Overflow RCE Memcached
NVD
CVSS 3.0
9.8
EPSS
12.6%
CVE-2015-2868 CRITICAL POC Act Now

An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Comfortlink Ii Firmware
NVD
CVSS 3.0
9.8
EPSS
9.1%
CVE-2015-2867 CRITICAL POC Act Now

A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Comfortlink Ii Firmware
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2016-2336 CRITICAL POC Act Now

Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ruby
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2016-4336 CRITICAL POC Act Now

An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Perceptive Document Filters
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-2337 CRITICAL POC Act Now

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ruby
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-2339 CRITICAL POC Act Now

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ruby
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-4335 HIGH POC This Week

An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Perceptive Document Filters
NVD
CVSS 3.0
8.4
EPSS
3.5%
CVE-2016-4288 HIGH POC This Week

A local privilege escalation vulnerability exists in BlueStacks App Player. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Bluestacks
NVD
CVSS 3.0
8.4
EPSS
0.1%
CVE-2016-1548 HIGH POC This Week

An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ntp
NVD
CVSS 3.0
7.2
EPSS
5.4%
CVE-2016-5652 HIGH POC This Week

An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Libtiff
NVD
CVSS 3.0
7.0
EPSS
6.4%
CVE-2016-4294 HIGH POC This Week

When opening a Hangul Hcell Document (.cell) and processing a property record within the Workbook stream, Hancom Office 2014 will attempt to allocate space for an element using a length from the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Hancom Office 2014
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2016-5646 HIGH POC This Week

An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Perceptive Document Filters
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2016-4298 HIGH POC This Week

When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Microsoft Hancom Office 2014
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-4296 HIGH POC This Week

When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore ("_") character at the end of the string and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Microsoft Hancom Office 2014
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-4295 HIGH POC This Week

When opening a Hangul Hcell Document (.cell) and processing a particular record within the Workbook stream, an index miscalculation leading to a heap overlow can be made to occur in Hancom Office. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Microsoft Hancom Office 2014
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-4292 HIGH POC This Week

When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Microsoft Hancom Office 2014
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-4291 HIGH POC This Week

When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Microsoft Hancom Office 2014
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-4290 HIGH POC This Week

When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Microsoft Hancom Office 2014
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-9885 CRITICAL Act Now

An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Gemfire For Pivotal Cloud Foundry
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-4306 MEDIUM POC This Month

Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Total Security
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4307 MEDIUM POC This Month

A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Internet Security
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4305 MEDIUM POC This Month

A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Internet Security
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4304 MEDIUM POC This Month

A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Internet Security
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4329 MEDIUM POC This Month

A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus Internet Security Total Security
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8334 MEDIUM This Month

A large out-of-bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 13.5% and no vendor patch available.

Information Disclosure Buffer Overflow Reader
NVD
CVSS 3.0
6.8
EPSS
13.5%
CVE-2016-2376 HIGH PATCH This Week

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Buffer Overflow Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
8.1
EPSS
6.9%
CVE-2016-2368 HIGH PATCH This Week

Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
8.1
EPSS
6.0%
CVE-2016-9867 HIGH This Week

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Scaleio
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-2371 HIGH PATCH This Week

An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Memory Corruption Buffer Overflow RCE Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
8.1
EPSS
3.5%
CVE-2016-2378 HIGH PATCH This Week

A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
8.1
EPSS
3.3%
CVE-2016-2377 HIGH PATCH This Week

A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
8.1
EPSS
3.3%
CVE-2016-2374 HIGH PATCH This Week

An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow RCE Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
8.1
EPSS
2.8%
CVE-2016-4323 LOW POC PATCH Monitor

A directory traversal exists in the handling of the MXIT protocol in Pidgin. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Path Traversal Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
3.7
EPSS
2.0%
CVE-2016-5684 HIGH This Week

An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Freeimage
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-9879 HIGH PATCH This Week

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Authentication Bypass IBM Java Apache +2
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-1549 MEDIUM This Month

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ntp
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2016-2369 MEDIUM PATCH This Month

A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Null Pointer Dereference Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.9
EPSS
3.3%
CVE-2016-2365 MEDIUM PATCH This Month

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Pidgin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.9
EPSS
3.3%
CVE-2016-2373 MEDIUM PATCH This Month

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
5.9
EPSS
2.0%
CVE-2016-2370 MEDIUM PATCH This Month

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
5.9
EPSS
2.0%
CVE-2016-2366 MEDIUM PATCH This Month

A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
5.9
EPSS
2.0%
CVE-2016-2367 MEDIUM PATCH This Month

An information leak exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
5.9
EPSS
1.9%
CVE-2016-2372 MEDIUM PATCH This Month

An information leak exists in the handling of the MXIT protocol in Pidgin. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Pidgin Ubuntu Linux +1
NVD
CVSS 3.0
5.9
EPSS
1.2%
CVE-2016-1547 MEDIUM This Month

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ntp
NVD
CVSS 3.0
5.3
EPSS
3.7%
CVE-2016-1550 MEDIUM This Month

An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ntp
NVD
CVSS 3.0
5.3
EPSS
3.1%
CVE-2016-9868 MEDIUM This Month

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Scaleio
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-9869 MEDIUM This Month

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Scaleio
NVD
CVSS 3.0
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy