Skip to main content
CVE-2016-5118 CRITICAL Emergency

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.8% and no vendor patch available.

RCE Graphicsmagick Linux Enterprise Debuginfo Studio Onsite Linux Enterprise Software Development Kit +10
NVD
CVSS 3.1
9.8
EPSS
31.8%
CVE-2016-0916 CRITICAL Act Now

EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Networker
NVD
CVSS 3.0
9.8
EPSS
7.8%
CVE-2016-4326 CRITICAL Act Now

The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Chef Manage
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2016-2786 CRITICAL Act Now

The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 and Puppet Agent 1.3.x before 1.3.6 does not properly validate server certificates, which might allow remote attackers to spoof. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Puppet Agent Puppet Enterprise
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2016-4328 CRITICAL Act Now

MEDHOST Perioperative Information Management System (aka PIMS or VPIMS) before 2015R1 has hardcoded credentials, which makes it easier for remote attackers to obtain sensitive information via direct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Perioperative Information Management System
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-2785 CRITICAL PATCH Act Now

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Puppet Puppet Server Puppet Agent
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2016-3720 CRITICAL PATCH Act Now

XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Fedora Jackson Dataformat Xml
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2016-1421 HIGH This Week

A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Ip Phone 8800 Series Firmware
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2016-4494 HIGH This Week

Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bac 5051E Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-0910 HIGH This Week

EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Data Domain Os
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2016-1419 HIGH This Week

Cisco Access Point devices with software 8.2(102.43) allow remote attackers to cause a denial of service (device reload) via crafted ARP packets, aka Bug ID CSCuy55803. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Aironet Access Point Software
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2016-3706 HIGH This Week

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Opensuse Glibc
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2016-1420 HIGH This Week

The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Application Infrastructure Controller Application Policy Infrastructure Controller Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8268 HIGH This Week

The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uptime Infrastructure Monitor
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-3085 MEDIUM This Month

Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Apache Cloudstack
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-4524 MEDIUM This Month

ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords in unspecified temporary circumstances, which allows local users to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Abb Authentication Bypass Pcm600
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2016-4429 MEDIUM PATCH This Month

Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Memory Corruption Buffer Overflow Leap Opensuse +2
NVD
CVSS 3.1
5.9
EPSS
2.0%
CVE-2016-4495 MEDIUM This Month

KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow remote attackers to bypass intended access restrictions and read a configuration file via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bac 5051E Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-5233 LOW Monitor

Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Huawei Mate 8 Firmware
NVD
CVSS 3.0
3.7
EPSS
0.1%
CVE-2016-4516 LOW Monitor

ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Pcm600
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-4527 LOW Monitor

ABB PCM600 before 2.7 improperly stores PCM600 authentication credentials, which allows local users to obtain sensitive information via unspecified vectors. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Abb Authentication Bypass Pcm600
NVD
CVSS 3.0
3.3
EPSS
0.0%
CVE-2016-4511 LOW Monitor

ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Abb Information Disclosure Pcm600
NVD
CVSS 3.0
2.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy