Latest CVE Feed
-
4.3
MEDIUMCVE-2016-3716
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.... Read more
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
5.8
MEDIUMCVE-2016-3715
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.... Read more
- Actively Exploited
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2016-3714
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageT... Read more
- Actively Exploited
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2016-2168
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted heade... Read more
Affected Products : subversion- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2016-2167
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm stri... Read more
Affected Products : subversion- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
8.2
HIGHCVE-2016-2176
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ... Read more
Affected Products : openssl- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-2109
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.... Read more
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2016-2108
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negativ... Read more
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
5.9
MEDIUMCVE-2016-2107
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an A... Read more
Affected Products : android ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation leap enterprise_linux_server_aus enterprise_linux_server_eus openssl +5 more products- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-2106
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.... Read more
- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-2105
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.... Read more
Affected Products : ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation leap enterprise_linux_server_aus enterprise_linux_server_eus mysql openssl +5 more products- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2000-1254
crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on... Read more
Affected Products : openssl- Published: May. 05, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0895
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity.... Read more
Affected Products : rsa_data_loss_prevention- Published: May. 03, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2016-0894
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter.... Read more
Affected Products : rsa_data_loss_prevention- Published: May. 03, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0893
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages.... Read more
Affected Products : rsa_data_loss_prevention- Published: May. 03, 2016
- Modified: Apr. 12, 2025
-
6.1
MEDIUMCVE-2016-0892
Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : rsa_data_loss_prevention- Published: May. 03, 2016
- Modified: Apr. 12, 2025
-
4.9
MEDIUMCVE-2016-3951
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB... Read more
Affected Products : linux_kernel ubuntu_linux suse_linux_enterprise_desktop suse_linux_enterprise_server suse_linux_enterprise_software_development_kit suse_linux_enterprise_software_development_kit suse_linux_enterprise_real_time_extension suse_linux_enterprise_live_patching suse_linux_enterprise_module_for_public_cloud suse_linux_enterprise_workstation_extension- Published: May. 02, 2016
- Modified: Apr. 12, 2025
-
4.9
MEDIUMCVE-2016-3689
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.... Read more
Affected Products : linux_kernel ubuntu_linux suse_linux_enterprise_desktop suse_linux_enterprise_server suse_linux_enterprise_software_development_kit suse_linux_enterprise_real_time_extension suse_linux_enterprise_live_patching suse_linux_enterprise_module_for_public_cloud suse_linux_enterprise_workstation_extension- Published: May. 02, 2016
- Modified: Apr. 12, 2025
-
4.9
MEDIUMCVE-2016-3140
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB devi... Read more
Affected Products : linux_kernel ubuntu_linux suse_linux_enterprise_desktop suse_linux_enterprise_server suse_linux_enterprise_software_development_kit suse_linux_enterprise_real_time_extension suse_linux_enterprise_debuginfo suse_linux_enterprise_live_patching suse_linux_enterprise_module_for_public_cloud suse_linux_enterprise_workstation_extension- Published: May. 02, 2016
- Modified: Apr. 12, 2025
-
4.9
MEDIUMCVE-2016-3138
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoi... Read more
Affected Products : linux_kernel ubuntu_linux suse_linux_enterprise_desktop suse_linux_enterprise_server suse_linux_enterprise_software_development_kit suse_linux_enterprise_real_time_extension suse_linux_enterprise_debuginfo suse_linux_enterprise_live_patching suse_linux_enterprise_module_for_public_cloud suse_linux_enterprise_workstation_extension- Published: May. 02, 2016
- Modified: Apr. 12, 2025