A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07.
Max CVSS
8.8
EPSS Score
0.76%
Published
2019-12-03
Updated
2020-02-03
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
Max CVSS
9.8
EPSS Score
1.38%
Published
2017-05-23
Updated
2022-08-16
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
Max CVSS
8.8
EPSS Score
1.35%
Published
2017-05-23
Updated
2022-08-16
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Max CVSS
9.8
EPSS Score
1.16%
Published
2017-05-23
Updated
2022-08-16
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Max CVSS
8.8
EPSS Score
1.35%
Published
2017-05-23
Updated
2022-08-16
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
Max CVSS
9.8
EPSS Score
0.80%
Published
2016-12-12
Updated
2022-06-01
The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862.
Max CVSS
8.8
EPSS Score
0.56%
Published
2017-02-15
Updated
2021-04-28
The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure.
Max CVSS
8.8
EPSS Score
0.44%
Published
2017-02-15
Updated
2021-04-20
Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.
Max CVSS
9.8
EPSS Score
2.80%
Published
2017-02-06
Updated
2019-04-15
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.
Max CVSS
9.8
EPSS Score
2.80%
Published
2017-02-06
Updated
2019-04-15
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
Max CVSS
9.8
EPSS Score
1.65%
Published
2016-08-07
Updated
2022-07-20
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
Max CVSS
9.8
EPSS Score
1.16%
Published
2016-08-07
Updated
2022-07-20
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.
Max CVSS
9.8
EPSS Score
2.86%
Published
2016-08-07
Updated
2022-07-20
SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.
Max CVSS
9.8
EPSS Score
0.32%
Published
2016-07-03
Updated
2018-10-30
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
Max CVSS
8.1
EPSS Score
0.73%
Published
2016-08-10
Updated
2020-05-08
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
Max CVSS
8.1
EPSS Score
20.02%
Published
2016-07-19
Updated
2022-09-07
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
Max CVSS
8.8
EPSS Score
0.37%
Published
2018-03-12
Updated
2018-04-05
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.
Max CVSS
9.8
EPSS Score
1.25%
Published
2017-05-23
Updated
2018-10-30
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
Max CVSS
8.8
EPSS Score
1.38%
Published
2017-05-23
Updated
2018-10-30
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
Max CVSS
8.8
EPSS Score
10.58%
Published
2016-07-23
Updated
2019-03-26
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.
Max CVSS
10.0
EPSS Score
72.30%
Published
2016-06-10
Updated
2023-08-01
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.
Max CVSS
9.8
EPSS Score
1.38%
Published
2016-05-22
Updated
2022-07-20
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.
Max CVSS
9.8
EPSS Score
0.70%
Published
2016-05-22
Updated
2022-07-20
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
Max CVSS
8.8
EPSS Score
29.08%
Published
2016-05-22
Updated
2022-07-20
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
Max CVSS
9.8
EPSS Score
1.72%
Published
2016-09-26
Updated
2022-06-30