Skip to main content
CVE-2016-3674 HIGH PATCH This Week

Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Information Disclosure Jboss Middleware Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
7.5
EPSS
8.2%
CVE-2016-3705 HIGH This Week

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Linux Libxml2 Debian Linux Icewall Federation Agent +2
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-3627 HIGH PATCH This Week

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Debian Linux Icewall Federation Agent Icewall File Manager +10
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2016-3726 HIGH PATCH This Week

Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Jenkins Openshift
NVD
CVSS 3.0
7.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy