Skip to main content
CVE-2016-1035 HIGH This Week

Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Robohelp
NVD
CVSS 3.0
7.5
EPSS
3.4%
CVE-2016-3162 HIGH PATCH This Week

The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Drupal Debian Linux
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-0160 HIGH This Week

Microsoft Internet Explorer 11 mishandles DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Internet Explorer
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2016-3157 HIGH PATCH This Week

The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Linux Xen Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-2556 HIGH This Week

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Microsoft Gpu Driver R340 Gpu Driver R352
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-3163 HIGH PATCH This Week

The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Drupal
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-3656 HIGH This Week

The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote attackers to cause a denial of service (service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Paloalto Pan Os
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-3165 HIGH PATCH This Week

The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Drupal
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-3164 HIGH PATCH This Week

Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page,. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Drupal Debian Linux
NVD
CVSS 3.0
7.4
EPSS
0.7%
CVE-2016-3167 HIGH PATCH This Week

Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Open Redirect Drupal Debian Linux
NVD
CVSS 3.0
7.4
EPSS
0.6%
CVE-2016-2001 HIGH PATCH This Week

HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Universal Cmbd Foundation
NVD
CVSS 3.0
7.4
EPSS
0.5%
CVE-2015-8474 HIGH PATCH This Week

Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Debian Linux Redmine
NVD GitHub
CVSS 3.0
7.4
EPSS
0.4%
CVE-2016-3654 HIGH This Week

The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
CVSS 3.0
7.2
EPSS
0.5%
CVE-2016-0089 HIGH This Week

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 8 1 Windows Server 2012
NVD
CVSS 3.0
7.1
EPSS
0.9%
CVE-2016-0090 HIGH This Week

Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 8 1 Windows Server 2012
NVD
CVSS 3.0
7.1
EPSS
0.7%
CVE-2015-3268 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Java Apache Ofbiz
NVD
CVSS 3.0
6.1
EPSS
5.3%
CVE-2016-4003 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Struts
NVD
CVSS 3.0
6.1
EPSS
2.6%
CVE-2016-2166 MEDIUM PATCH This Month

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Apache Qpid Proton Fedora
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-3985 MEDIUM This Month

The Terminal Services Remote Desktop Protocol (RDP) client session restrictions feature in Pulse Connect Secure (aka PCS) 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pulse Connect Secure
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2015-5167 MEDIUM PATCH This Month

The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Apache Ranger
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-3168 MEDIUM PATCH This Month

The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable.

RCE Drupal Debian Linux
NVD
CVSS 3.0
6.4
EPSS
0.5%
CVE-2015-7520 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Wicket
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2016-2162 MEDIUM PATCH This Month

Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Struts
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2016-1377 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unity Connection
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-0887 MEDIUM This Month

EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Bsafe Crypto C Micro Edition Bsafe Crypto J Bsafe Micro Edition Suite Bsafe Ssl C +1
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2016-3166 MEDIUM PATCH This Month

CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

PHP Code Injection Debian Linux Drupal
NVD
CVSS 3.0
5.9
EPSS
0.5%
CVE-2015-5158 MEDIUM This Month

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Qemu
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-2140 MEDIUM PATCH This Month

The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nova
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2016-3170 MEDIUM PATCH This Month

The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Debian Linux Drupal
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2016-1376 MEDIUM This Month

Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (CRC and symbol errors, and interface flap) via crafted bit patterns in packets,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2015-8537 MEDIUM PATCH This Month

app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Debian Linux Redmine
NVD GitHub
CVSS 3.0
5.3
EPSS
0.5%
CVE-2015-8346 MEDIUM PATCH This Month

app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Redmine Debian Linux
NVD GitHub
CVSS 3.0
5.3
EPSS
0.5%
CVE-2015-8108 MEDIUM This Month

The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emc Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2015-8473 MEDIUM PATCH This Month

The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Debian Linux Redmine
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2015-8021 MEDIUM This Month

Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +10
NVD
CVSS 3.0
4.3
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy