Skip to main content
CVE-2016-9299 CRITICAL POC PATCH THREAT Act Now

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.2%.

Code Injection RCE Java Jenkins LDAP +1
NVD Exploit-DB VulDB
CVSS 3.0
9.8
EPSS
89.2%
Threat
6.1
CVE-2016-9131 HIGH PATCH Act Now

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 72.8%.

Denial Of Service Bind Debian Linux Enterprise Linux Desktop Enterprise Linux Eus +8
NVD
CVSS 3.1
7.5
EPSS
72.8%
CVE-2016-9147 HIGH PATCH Act Now

named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 56.2%.

Denial Of Service Bind
NVD
CVSS 3.0
7.5
EPSS
56.2%
CVE-2016-7479 CRITICAL POC THREAT Emergency

In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.2%.

Memory Corruption PHP RCE Use After Free
NVD
CVSS 3.0
9.8
EPSS
20.2%
Threat
4.1
CVE-2016-9444 HIGH PATCH Act Now

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 50.5%.

Denial Of Service Bind
NVD
CVSS 3.0
7.5
EPSS
50.5%
CVE-2016-7791 CRITICAL POC Act Now

Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Exponent Cms
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2016-7790 CRITICAL POC Act Now

Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Exponent Cms
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2017-5225 HIGH POC PATCH This Week

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Libtiff
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2017-5345 HIGH POC PATCH This Week

SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Genixcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-3149 CRITICAL Act Now

Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.2% and no vendor patch available.

RCE Clickshare Csc 1 Firmware Clickshare Csm 1 Firmware
NVD
CVSS 3.0
9.8
EPSS
14.2%
CVE-2016-6772 HIGH POC This Week

An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Google Android
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.4%
CVE-2016-6492 HIGH POC This Week

The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driver for Linux allows local users to gain privileges via a crafted application that makes an MT6573FDVTIOC_T_SET_FDCONF_CMD IOCTL. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mediatek Privilege Escalation Android
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-5346 HIGH POC PATCH This Week

SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Genixcms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2017-5347 HIGH POC This Week

SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Genixcms
NVD GitHub
CVSS 3.0
7.2
EPSS
0.4%
CVE-2016-10131 CRITICAL PATCH GHSA Act Now

system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Codeigniter
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2016-5715 MEDIUM POC This Month

Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Puppet Enterprise
NVD VulDB
CVSS 3.0
6.1
EPSS
0.7%
CVE-2016-8438 CRITICAL Act Now

Integer overflow leading to a TOCTOU condition in hypervisor PIL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Google Buffer Overflow Linux Kernel
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-8398 CRITICAL Act Now

Unauthenticated messages processed by the UE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-3152 CRITICAL Act Now

Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Clickshare Csc 1 Firmware
NVD VulDB
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-8459 CRITICAL Act Now

Possible buffer overflow in storage subsystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Linux Kernel
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-8439 CRITICAL Act Now

Possible buffer overflow in trust zone access control API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Linux Kernel
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-8437 CRITICAL Act Now

Improper input validation in Access Control APIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-8440 CRITICAL Act Now

Possible buffer overflow in SMMU system call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Linux Kernel
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-8606 CRITICAL PATCH Act Now

The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Authentication Bypass Guile Fedora
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-0382 HIGH This Week

A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-6768 HIGH This Week

A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Google Authentication Bypass Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-8430 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Privilege Escalation Google Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-8429 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Privilege Escalation Google Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-8428 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Privilege Escalation Google Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-8427 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Privilege Escalation Google Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-8426 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Privilege Escalation Google Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-8425 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Privilege Escalation Google Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-8424 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Privilege Escalation Google Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-8432 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Privilege Escalation Google Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-8431 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Privilege Escalation Google Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-6762 HIGH This Week

An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-6789 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Google Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6777 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Google Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6776 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Google Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6775 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Google Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6790 HIGH This Week

An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Nvidia Google Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6761 HIGH This Week

An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google RCE Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6760 HIGH This Week

An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google RCE Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6759 HIGH This Week

An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google RCE Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6758 HIGH This Week

An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google RCE Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0386 HIGH This Week

An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0381 HIGH PATCH This Week

An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0384 HIGH PATCH This Week

An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8441 HIGH This Week

Possible buffer overflow in the hypervisor. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-8442 HIGH This Week

Possible unauthorized memory access in the hypervisor. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy