Latest CVE Feed
-
6.8
MEDIUMCVE-2016-4962
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas o... Read more
- EPSS Score: %0.09
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-4450
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file... Read more
- EPSS Score: %3.14
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.... Read more
- Actively Exploited
- EPSS Score: %94.30
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
8.8
HIGHCVE-2016-2335
The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descri... Read more
- EPSS Score: %1.80
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2015-7695
The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.... Read more
- EPSS Score: %1.23
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
9.3
HIGHCVE-2015-7611
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.... Read more
- EPSS Score: %76.24
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2015-5723
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions ... Read more
Affected Products : debian_linux zend_framework aws_software_development_kit zend-cache object_relational_mapper doctrinemongodbbundle common annotations mongodb-odm cache +1 more products- EPSS Score: %0.10
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
7.1
HIGHCVE-2015-5261
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.... Read more
- EPSS Score: %0.09
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2015-5260
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.... Read more
- EPSS Score: %0.24
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2015-5231
The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.... Read more
- EPSS Score: %0.06
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2015-5228
The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.... Read more
- EPSS Score: %0.14
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2014-9747
The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.... Read more
- EPSS Score: %1.16
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2014-9746
The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not ... Read more
- EPSS Score: %0.85
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2014-8177
The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.... Read more
- EPSS Score: %0.22
- Published: Jun. 07, 2016
- Modified: Apr. 12, 2025
-
9.1
CRITICALCVE-2015-5041
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.... Read more
- EPSS Score: %0.89
- Published: Jun. 06, 2016
- Modified: Apr. 12, 2025
-
8.8
HIGHCVE-2016-1703
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.... Read more
- EPSS Score: %1.00
- Published: Jun. 05, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2016-1702
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized ... Read more
- EPSS Score: %1.42
- Published: Jun. 05, 2016
- Modified: Apr. 12, 2025
-
8.8
HIGHCVE-2016-1701
The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly h... Read more
- EPSS Score: %1.35
- Published: Jun. 05, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-1700
extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have... Read more
- EPSS Score: %1.72
- Published: Jun. 05, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2016-1699
WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot... Read more
- EPSS Score: %0.58
- Published: Jun. 05, 2016
- Modified: Apr. 12, 2025