Skip to main content
CVE-2016-2226 HIGH POC This Week

Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libiberty
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
9.3%
CVE-2017-6099 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Merchant Sdk Php
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2014-9916 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Bilboplanet
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-6197 MEDIUM POC PATCH This Month

The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-2790 HIGH This Week

When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft Ichitaro
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2017-2789 HIGH This Week

When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Microsoft Ichitaro
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2016-9975 HIGH PATCH This Week

IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Dashboard Application Services Hub
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-6306 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-6309 HIGH PATCH This Week

An issue was discovered in tnef before 1.4.13. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-6307 HIGH PATCH This Week

An issue was discovered in tnef before 1.4.13. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Tnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-6308 HIGH PATCH This Week

An issue was discovered in tnef before 1.4.13. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Tnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-6304 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-6301 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-6310 HIGH PATCH This Week

An issue was discovered in tnef before 1.4.13. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Tnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-6196 HIGH PATCH This Week

Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Afpl Ghostscript
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-6300 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-6305 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-6303 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-6302 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-6298 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-5669 HIGH PATCH This Week

The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Authentication Bypass Linux Kernel Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-8998 HIGH PATCH This Week

IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE IBM Tivoli Storage Manager
NVD
CVSS 3.0
7.2
EPSS
2.4%
CVE-2017-2791 HIGH This Week

JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Ichitaro
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-4041 HIGH PATCH This Week

Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Plone
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2016-4490 MEDIUM This Month

Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Libiberty
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-4491 MEDIUM PATCH This Month

The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Libiberty
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-4493 MEDIUM PATCH This Month

The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Libiberty
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-4489 MEDIUM This Month

Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the "demangling of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Libiberty
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-4488 MEDIUM This Month

Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "ktypevec.". Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Libiberty
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-6299 MEDIUM PATCH This Month

An issue was discovered in ytnef before 1.9.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ytnef Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-5027 MEDIUM PATCH This Month

dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libdwarf
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-6076 MEDIUM PATCH This Month

In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-4487 MEDIUM This Month

Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to "btypevec.". Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Libiberty
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4042 MEDIUM PATCH This Month

Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Plone
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-4043 MEDIUM PATCH This Month

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Python Privilege Escalation Plone
NVD
CVSS 3.0
4.9
EPSS
0.1%
CVE-2016-4492 MEDIUM PATCH This Month

Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Libiberty
NVD
CVSS 3.0
4.4
EPSS
0.2%
CVE-2016-9009 LOW PATCH Monitor

IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Denial Of Service IBM Websphere Mq
NVD
CVSS 3.0
3.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy