Skip to main content
CVE-2016-0151 HIGH POC KEV PATCH THREAT Act Now

The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Privilege Escalation Microsoft
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
44.1%
Threat
5.9
CVE-2016-0145 HIGH POC THREAT Act Now

The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 74.8%.

RCE Buffer Overflow Microsoft Net Framework Live Meeting +11
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
74.8%
Threat
5.5
CVE-2016-2118 HIGH POC THREAT Act Now

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 78.5%.

Information Disclosure Samba Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
78.5%
Threat
5.4
CVE-2016-0165 HIGH POC KEV PATCH THREAT Act Now

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Microsoft
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
6.2%
Threat
4.7
CVE-2016-3987 CRITICAL POC THREAT Emergency

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 43.1%.

Trend Micro Authentication Bypass Password Manager
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
43.1%
Threat
4.8
CVE-2016-0162 MEDIUM KEV PATCH THREAT Act Now

Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 38.0%.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
4.3
EPSS
38.0%
CVE-2016-0167 HIGH KEV PATCH THREAT Act Now

The Win32k kernel-mode driver in Windows Vista through Windows 10 allows local privilege escalation through an unspecified vulnerability in window object handling, exploited in the wild by APT groups.

Information Disclosure Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
6.1%
Threat
5.2
CVE-2016-0122 HIGH POC THREAT Act Now

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 39.9%.

RCE Buffer Overflow Microsoft Excel Excel Viewer +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
39.9%
Threat
4.3
CVE-2016-0128 MEDIUM PATCH This Month

The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 60.3%.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
6.8
EPSS
60.3%
CVE-2015-8841 CRITICAL POC THREAT Emergency

Heap-based buffer overflow in the Archive support module in ESET NOD32 before update 11861 allows remote attackers to execute arbitrary code via a large number of languages in an EPOC installation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.4%.

Memory Corruption Eset Buffer Overflow RCE Nod32
NVD
CVSS 3.1
9.8
EPSS
16.4%
Threat
4.0
CVE-2016-0150 HIGH Act Now

HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.3% and no vendor patch available.

Denial Of Service Microsoft Windows 10
NVD
CVSS 3.0
7.5
EPSS
43.3%
CVE-2016-0136 HIGH Act Now

Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 40.6% and no vendor patch available.

RCE Buffer Overflow Microsoft Excel Office Compatibility Pack +2
NVD
CVSS 3.0
7.8
EPSS
40.6%
CVE-2016-0153 HIGH Act Now

OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 33.7% and no vendor patch available.

Microsoft RCE Authentication Bypass Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
33.7%
CVE-2016-0147 HIGH Act Now

Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.4% and no vendor patch available.

RCE Microsoft Xml Core Services
NVD
CVSS 3.0
8.8
EPSS
26.4%
CVE-2016-0139 HIGH Act Now

Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.3% and no vendor patch available.

RCE Buffer Overflow Microsoft Excel Excel Viewer +1
NVD
CVSS 3.0
7.8
EPSS
30.3%
CVE-2016-0127 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 29.9% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +4
NVD
CVSS 3.0
7.8
EPSS
29.9%
CVE-2015-8833 CRITICAL Act Now

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.5% and no vendor patch available.

RCE Pidgin Otr
NVD
CVSS 3.0
9.8
EPSS
16.5%
CVE-2016-3172 HIGH POC This Week

SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cacti
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2015-8702 HIGH POC PATCH This Week

The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Debian Linux Inspircd
NVD GitHub
CVSS 3.0
8.6
EPSS
0.8%
CVE-2016-2170 CRITICAL PATCH Act Now

Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

Information Disclosure Java Apache Ofbiz
NVD
CVSS 3.1
9.8
EPSS
13.6%
CVE-2016-3986 HIGH POC This Week

Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Avast
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.4%
CVE-2016-0785 HIGH PATCH Act Now

{}" sequence in a tag attribute, aka forced double OGNL evaluation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.8%.

RCE Apache Struts
NVD
CVSS 3.0
8.8
EPSS
17.8%
CVE-2016-0143 HIGH POC This Week

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
2.3%
CVE-2016-4004 MEDIUM POC THREAT This Month

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.2%.

Path Traversal Dell Openmanage Server Administrator
NVD Exploit-DB
CVSS 3.0
4.9
EPSS
12.2%
CVE-2016-0161 MEDIUM This Month

Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.9% and no vendor patch available.

Authentication Bypass Microsoft Edge
NVD
CVSS 3.0
6.5
EPSS
23.9%
CVE-2016-0156 HIGH Act Now

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 18.4% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
18.4%
CVE-2016-0154 HIGH Act Now

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.3% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge +1
NVD
CVSS 3.0
7.5
EPSS
16.3%
CVE-2016-0155 HIGH Act Now

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.0% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
16.0%
CVE-2015-5347 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apache Wicket
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2016-3657 CRITICAL Act Now

Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Paloalto Pan Os
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2016-0158 MEDIUM This Month

Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.9% and no vendor patch available.

Authentication Bypass Microsoft Edge
NVD
CVSS 3.0
6.5
EPSS
18.9%
CVE-2016-1885 MEDIUM POC This Month

Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Freebsd
NVD Exploit-DB
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-0733 CRITICAL PATCH Act Now

The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Ranger
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2016-3655 CRITICAL Act Now

The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2016-0164 HIGH Act Now

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 12.8% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
12.8%
CVE-2016-0157 HIGH Act Now

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 12.4% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
12.4%
CVE-2016-3171 HIGH PATCH This Week

Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE PHP Drupal Debian Linux
NVD
CVSS 3.0
8.1
EPSS
8.2%
CVE-2016-0088 CRITICAL Act Now

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Authentication Bypass Windows 10 Windows 8 1 +1
NVD
CVSS 3.0
9.3
EPSS
1.5%
CVE-2016-0166 HIGH This Week

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
9.8%
CVE-2016-0159 HIGH This Week

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
9.8%
CVE-2016-0148 HIGH This Week

Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Microsoft Net Framework
NVD
CVSS 3.0
7.8
EPSS
8.2%
CVE-2016-1034 CRITICAL Act Now

The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Creative Cloud
NVD
CVSS 3.0
9.1
EPSS
1.5%
CVE-2016-1568 HIGH This Week

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption RCE Use After Free Qemu +3
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2016-2405 HIGH This Week

Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to gain privileges and cause a denial of service (system crash) via a crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Huawei Policy Center Firmware
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-0135 HIGH This Week

The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability.". Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 10
NVD
CVSS 3.0
8.4
EPSS
0.5%
CVE-2016-2857 HIGH This Week

The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Qemu Ubuntu Linux Debian Linux +8
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2016-2558 HIGH This Week

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Buffer Overflow Microsoft Gpu Driver R340 +1
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2016-2557 HIGH This Week

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information from. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nvidia Privilege Escalation Microsoft Gpu Driver R340 +1
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2016-3169 HIGH PATCH This Week

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Debian Linux Drupal
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2016-1866 HIGH PATCH This Week

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Authentication Bypass Salt Leap
NVD
CVSS 3.0
8.1
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy