Skip to main content
CVE-2016-1861 HIGH POC This Week

The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Nvidia Buffer Overflow RCE +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.0%
CVE-2016-4817 HIGH This Week

lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service H2O
NVD GitHub
CVSS 3.0
7.5
EPSS
8.0%
CVE-2016-4813 HIGH This Week

NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Netcommons
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-4820 HIGH This Week

Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Etx R Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-0392 HIGH This Week

IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Elastic Authentication Bypass Elastic Storage Server General Parallel File System Storage Server
NVD
CVSS 3.0
8.4
EPSS
0.1%
CVE-2016-0911 HIGH This Week

EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Emc Data Domain Os
NVD
CVSS 3.0
8.2
EPSS
0.4%
CVE-2016-4371 HIGH This Week

HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF SSRF Microsoft Service Manager Service Manager Mobility +4
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2016-4514 HIGH This Week

Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Pt 7728 Pt 7728 Firmware
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2016-4815 HIGH PATCH This Week

Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Wzr 900Dhp2 Firmware Wzr 600Dhp3 Firmware Wzr S900Dhp Firmware Wzr S600Dhp Firmware +2
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-4814 HIGH This Week

Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Microsoft Old Gsi Maps
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-1195 HIGH PATCH This Week

Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Garoon
NVD
CVSS 3.0
7.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy