Skip to main content
CVE-2016-3088 CRITICAL POC KEV PATCH THREAT Act Now

Remote code execution in Apache ActiveMQ 5.x before 5.14.0 allows unauthenticated attackers to upload and execute arbitrary files on the message broker server by chaining HTTP PUT and MOVE requests against the Fileserver web application. This vulnerability is confirmed actively exploited (CISA KEV) with EPSS score of 94.29%, publicly available exploit code exists, and vendor-released patch is available in ActiveMQ 5.14.0.

Apache File Upload
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
94.3%
Threat
9.8
CVE-2016-1234 HIGH POC PATCH This Week

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Glibc Leap Opensuse +1
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-3075 HIGH Act Now

Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service Buffer Overflow Opensuse Glibc Fedora +1
NVD
CVSS 3.0
7.5
EPSS
10.9%
CVE-2016-4432 CRITICAL PATCH Act Now

The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Java Authentication Bypass Qpid Broker J
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2016-2175 HIGH PATCH This Week

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

XXE Apache Pdfbox Debian Linux
NVD
CVSS 3.0
7.8
EPSS
5.9%
CVE-2015-8875 HIGH This Week

Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Gdk Pixbuf Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2016-5126 HIGH PATCH This Week

Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Memory Corruption Buffer Overflow RCE Qemu +11
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-3697 HIGH PATCH This Week

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Docker Privilege Escalation Runc Opensuse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-4423 HIGH PATCH This Week

The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service PHP Symfony Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2016-1902 HIGH PATCH This Week

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Debian Linux Symfony
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-4810 HIGH This Week

Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Xenapp Xendesktop
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-0288 MEDIUM This Month

IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and Security AppScan Enterprise allow remote authenticated users to read arbitrary files via an XML document containing an external. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Security Appscan
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-4945 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Citrix Netscaler Gateway 11 0 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-3094 MEDIUM PATCH This Month

PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Java Apache Qpid Broker J
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2016-4454 MEDIUM PATCH This Month

The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to obtain sensitive host memory information or cause a denial of service (QEMU process crash). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-4500 MEDIUM This Month

Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Uc 7408 Lx Plus Uc 7408 Lx Plus Firmware
NVD
CVSS 3.0
5.8
EPSS
0.2%
CVE-2016-4453 MEDIUM PATCH This Month

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy