Skip to main content
CVE-2016-1896 CRITICAL Act Now

Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Printer Firmware
NVD
CVSS 3.0
9.8
EPSS
9.4%
CVE-2015-6319 CRITICAL Act Now

SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco SQLi Rv Series Router Firmware Opensolaris
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-1982 HIGH This Week

The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privoxy
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2016-1983 HIGH This Week

The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privoxy
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2015-8618 HIGH PATCH This Week

The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Leap Go
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-6421 HIGH This Week

cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Wide Area Application Services
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-1924 MEDIUM This Month

The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Openjpeg
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-1923 MEDIUM This Month

Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Openjpeg
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-2047 MEDIUM PATCH This Month

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle MariaDB Linux MySQL +4
NVD
CVSS 3.0
5.9
EPSS
1.7%
CVE-2016-0209 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-1300 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unity Connection
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7439 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS Rational Software Architect Realtime Rational Software Architect For Websphere Software Rational Software Architect
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-7488 MEDIUM This Month

IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol configurations, allows remote attackers to discover an LDAP password via unspecified vectors. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.0
5.9
EPSS
0.1%
CVE-2016-1299 MEDIUM This Month

The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service 300 Series Managed Switch Firmware
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2015-7487 MEDIUM This Month

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3. Rated medium severity (CVSS 4.1). No vendor patch available.

IBM Information Disclosure Change And Configuration Management Database Maximo Asset Management Maximo Asset Management Essentials +10
NVD
CVSS 3.0
4.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy