Skip to main content
CVE-2016-1343 CRITICAL Act Now

The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XXE Denial Of Service Information Server
NVD
CVSS 3.0
10.0
EPSS
0.6%
CVE-2016-1111 HIGH This Week

Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Microsoft Acrobat Acrobat Dc +2
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2016-2814 HIGH This Week

Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2016-2807 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox +3
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2016-2806 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Debian Linux +4
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2016-2811 HIGH This Week

Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Firefox
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2016-2804 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-2805 HIGH This Week

Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-1201 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Ec Cube
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-2808 HIGH This Week

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-2812 HIGH This Week

Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Mozilla Buffer Overflow RCE +1
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-2813 MEDIUM This Month

Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-2816 MEDIUM This Month

Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-1200 MEDIUM PATCH This Month

The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ec Cube
NVD
CVSS 3.0
6.3
EPSS
0.2%
CVE-2016-2809 MEDIUM This Month

The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Microsoft Firefox
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-2817 MEDIUM This Month

The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Privilege Escalation Google Firefox +1
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2016-1199 MEDIUM PATCH This Month

The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ec Cube
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-2810 MEDIUM This Month

Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Google Firefox
NVD
CVSS 3.0
5.0
EPSS
0.3%
CVE-2016-2820 MEDIUM This Month

The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy