Skip to main content
CVE-2016-1861 HIGH POC This Week

The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Nvidia Buffer Overflow RCE +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.0%
CVE-2016-4819 CRITICAL Act Now

The printfDx function in Takumi Yamada DX Library for Borland C++ 3.13f through 3.16b, DX Library for Gnu C++ 3.13f through 3.16b, and DX Library for Visual C++ 3.13f through 3.16b allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Dx Library
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2016-1395 CRITICAL Act Now

The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Rv130W Wireless N Multifunction Vpn Router Firmware Rv215W Wireless N Vpn Router Firmware Rv110W Wireless N Vpn Firewall Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-0912 CRITICAL Act Now

EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emc Data Domain Os
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2016-4817 HIGH This Week

lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service H2O
NVD GitHub
CVSS 3.0
7.5
EPSS
8.0%
CVE-2016-4813 HIGH This Week

NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Netcommons
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-4820 HIGH This Week

Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Etx R Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-0392 HIGH This Week

IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Elastic Authentication Bypass Elastic Storage Server General Parallel File System Storage Server
NVD
CVSS 3.0
8.4
EPSS
0.1%
CVE-2016-0911 HIGH This Week

EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emc Data Domain Os
NVD
CVSS 3.0
8.2
EPSS
0.4%
CVE-2016-4371 HIGH This Week

HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF SSRF Microsoft Service Manager Service Manager Mobility +4
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2016-4514 HIGH This Week

Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Pt 7728 Pt 7728 Firmware
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2016-4815 HIGH PATCH This Week

Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Wzr 900Dhp2 Firmware Wzr 600Dhp3 Firmware Wzr S900Dhp Firmware Wzr S600Dhp Firmware +2
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-4814 HIGH This Week

Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Microsoft Old Gsi Maps
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-1195 HIGH PATCH This Week

Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Garoon
NVD
CVSS 3.0
7.4
EPSS
0.3%
CVE-2016-1225 MEDIUM This Month

Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Internet Security
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2016-4530 MEDIUM This Month

OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pi Sql Data Access Server 2016
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-1397 MEDIUM This Month

Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Rv215W Wireless N Vpn Router Firmware Rv110W Wireless N Vpn Firewall Firmware +1
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-4518 MEDIUM This Month

OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Pi Af Server 2016
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-4816 MEDIUM PATCH This Month

BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Wzr 600Dhp3 Firmware Hw 450Hp Zwe Firmware Wzr Hp G450H Firmware Wzr 450Hp Firmware +30
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-1424 MEDIUM This Month

Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Buffer Overflow iOS
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-1224 MEDIUM This Month

CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Worry Free Business Security Worry Free Business Security Services
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2016-1226 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Trend Micro Internet Security
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-1197 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Garoon
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-1396 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Rv130W Wireless N Multifunction Vpn Router Firmware Rv110W Wireless N Vpn Firewall Firmware Rv215W Wireless N Vpn Router Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-4811 MEDIUM This Month

The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.15.1 and earlier for Android and 1.13.0 and earlier for iOS allows man-in-the-middle attackers to obtain API access via unspecified. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Google Authentication Bypass Japan Connected Free Wi Fi
NVD
CVSS 3.0
5.6
EPSS
0.4%
CVE-2016-1223 MEDIUM This Month

Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Trend Micro Microsoft Officescan Worry Free Business Security +1
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2015-7775 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Garoon
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-1191 MEDIUM PATCH This Month

Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Garoon
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2016-4821 MEDIUM This Month

I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Etx R Firmware
NVD
CVSS 3.0
5.3
EPSS
0.5%
CVE-2015-7776 MEDIUM PATCH This Month

Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Garoon
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2016-1864 MEDIUM This Month

The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apple Information Disclosure Safari Iphone Os
NVD
CVSS 3.0
4.3
EPSS
0.5%
CVE-2015-7462 MEDIUM This Month

IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2016-1192 MEDIUM PATCH This Month

Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Garoon
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2016-1196 MEDIUM PATCH This Month

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Garoon
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-1183 LOW Monitor

NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Terasoluna Server Framework For Java Web
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2016-1862 LOW Monitor

Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Intel Mac Os X
NVD
CVSS 3.0
3.3
EPSS
0.2%
CVE-2016-1860 LOW Monitor

Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Intel Mac Os X
NVD
CVSS 3.0
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy