Skip to main content
CVE-2016-10092 HIGH POC PATCH This Week

Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libtiff
NVD GitHub
CVSS 3.0
7.8
EPSS
2.3%
CVE-2016-10094 HIGH POC PATCH This Week

Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2016-10093 HIGH POC PATCH This Week

Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libtiff
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2016-5374 HIGH PATCH This Week

NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Data Ontap
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2017-5886 HIGH This Week

Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Podofo
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2017-5853 HIGH This Week

Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Podofo
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-6347 HIGH PATCH This Week

The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-6345 HIGH PATCH This Week

The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2880 HIGH PATCH This Week

IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2879 HIGH PATCH This Week

IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-3826 HIGH This Week

A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Netflow Generation Appliance Software
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-5995 HIGH This Week

The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2016-6485 HIGH PATCH This Week

The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe PHP Information Disclosure Magento2
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-2685 HIGH This Week

Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Information Disclosure Sinumerik Integrate Access Mymachine Ethernet Sinumerik Integrate Operate Client Sinumerik Operate
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2016-9994 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2016-9993 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2016-9992 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2016-10151 HIGH PATCH This Week

The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via. Rated high severity (CVSS 7.0).

Privilege Escalation Hesiod
NVD GitHub
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-6346 HIGH PATCH This Week

Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a. Rated high severity (CVSS 7.0).

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy