Skip to main content
CVE-2016-4523 HIGH KEV THREAT Act Now

The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 67.0%.

Denial Of Service Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
67.0%
Threat
5.0
CVE-2016-4447 HIGH POC PATCH This Week

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Icewall Federation Agent Ubuntu Linux Debian Linux +8
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2016-4370 HIGH This Week

HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Project And Portfolio Management Center
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2016-4449 HIGH This Week

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XXE Debian Linux Ubuntu Linux Libxml2
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2016-2150 HIGH This Week

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Linux Enterprise Linux Desktop Enterprise Linux Hpc Node Eus Enterprise Linux Server +7
NVD
CVSS 3.0
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy