Latest CVE Feed
-
7.8
HIGHCVE-2016-1369
The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module for Cisco ASA with FirePOWER Services 5.3.1 through 6.0.0 misconfigures kernel logging, which allows remote attackers to cause a denial of service (resource co... Read more
Affected Products : asa_with_firepower_services- EPSS Score: %0.53
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-1368
Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x through 5.4.0.3 on FirePOWER 7000 and 8000 appliances, and on the Advanced Malware Protection (AMP) for Networks component on these appliances, allows remote attackers to cause a denial of se... Read more
Affected Products : firesight_system_software- EPSS Score: %0.22
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-4535
Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable.... Read more
Affected Products : livesafe- EPSS Score: %10.38
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
3.0
LOWCVE-2016-4534
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.... Read more
- EPSS Score: %3.24
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2016-4351
SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more
Affected Products : email_encryption_gateway- EPSS Score: %0.77
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
5.9
MEDIUMCVE-2016-4008
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.8, when used without the ASN1_DECODE_FLAG_STRICT_DER flag, allows remote attackers to cause a denial of service (infinite recursion) via a crafted certificate.... Read more
- EPSS Score: %4.29
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
5.5
MEDIUMCVE-2016-3718
The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.... Read more
- Actively Exploited
- EPSS Score: %87.34
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.1
HIGHCVE-2016-3717
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.... Read more
- EPSS Score: %24.20
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-3716
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.... Read more
- EPSS Score: %21.33
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
5.8
MEDIUMCVE-2016-3715
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.... Read more
- Actively Exploited
- EPSS Score: %86.04
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2016-3714
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageT... Read more
- Actively Exploited
- EPSS Score: %93.86
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2016-2168
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted heade... Read more
Affected Products : subversion- EPSS Score: %6.66
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2016-2167
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm stri... Read more
Affected Products : subversion- EPSS Score: %0.39
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
8.2
HIGHCVE-2016-2176
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ... Read more
Affected Products : openssl- EPSS Score: %10.16
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-2109
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.... Read more
- EPSS Score: %39.47
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2016-2108
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negativ... Read more
- EPSS Score: %65.50
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
5.9
MEDIUMCVE-2016-2107
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an A... Read more
Affected Products : android ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation leap enterprise_linux_server_aus enterprise_linux_server_eus openssl +5 more products- EPSS Score: %78.92
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-2106
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.... Read more
- EPSS Score: %38.41
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-2105
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.... Read more
Affected Products : ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation leap enterprise_linux_server_aus enterprise_linux_server_eus mysql openssl +5 more products- EPSS Score: %62.17
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2000-1254
crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on... Read more
Affected Products : openssl- EPSS Score: %0.83
- Published: May. 05, 2016
- Modified: Apr. 12, 2025