Skip to main content
CVE-2016-3643 HIGH POC KEV THREAT Act Now

SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd.". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Privilege Escalation
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
5.4%
Threat
4.7
CVE-2016-3642 CRITICAL POC THREAT Emergency

The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.4%.

Information Disclosure Java Apache Virtualization Manager
NVD
CVSS 3.0
9.8
EPSS
22.4%
Threat
4.1
CVE-2015-8914 CRITICAL POC PATCH Act Now

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Neutron
NVD
CVSS 3.0
9.1
EPSS
6.7%
CVE-2016-5362 HIGH PATCH This Week

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Neutron
NVD
CVSS 3.0
8.2
EPSS
6.3%
CVE-2016-5363 HIGH PATCH This Week

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Neutron
NVD
CVSS 3.0
8.2
EPSS
4.7%
CVE-2016-5433 MEDIUM This Month

Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Citrix Information Disclosure Ios Receiver
NVD
CVSS 3.0
6.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy