Skip to main content
CVE-2016-2856 HIGH POC This Week

pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Debian Privilege Escalation Ubuntu Ubuntu Linux Debian Linux
NVD Exploit-DB
CVSS 3.0
8.4
EPSS
0.7%
CVE-2016-1731 MEDIUM PATCH This Month

Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apple Information Disclosure Microsoft Software Update
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-0262 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0222 MEDIUM This Month

IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Maximo Asset Management Smartcloud Control Desk Maximo For Government +5
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-0208 LOW Monitor

IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Denial Of Service Authentication Bypass Websphere Commerce
NVD
CVSS 3.0
3.7
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy