Skip to main content
CVE-2016-3645 CRITICAL POC THREAT Emergency

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.6%.

Buffer Overflow Microsoft Norton Security Protection Engine Advanced Threat Protection +15
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
75.6%
Threat
5.7
CVE-2016-4971 HIGH POC PATCH THREAT Act Now

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.0%.

Information Disclosure Wget Ubuntu Linux Solaris Pan Os
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
75.0%
Threat
5.5
CVE-2016-2207 HIGH POC THREAT Act Now

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

RCE Denial Of Service Microsoft Mail Security For Microsoft Exchange Norton Power Eraser +16
NVD Exploit-DB
CVSS 3.0
8.4
EPSS
50.2%
Threat
4.7
CVE-2016-3644 HIGH POC THREAT Act Now

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.0%.

Denial Of Service RCE Buffer Overflow Microsoft Norton Security +17
NVD Exploit-DB
CVSS 3.0
8.4
EPSS
29.0%
Threat
4.1
CVE-2016-3646 HIGH POC THREAT Act Now

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.0%.

RCE Denial Of Service Microsoft Norton Security Protection Engine +16
NVD Exploit-DB
CVSS 3.0
8.4
EPSS
26.0%
Threat
4.0
CVE-2016-2210 HIGH POC THREAT Act Now

Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.1%.

RCE Buffer Overflow Microsoft Mail Security For Microsoft Exchange Norton Power Eraser +16
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
29.1%
CVE-2016-2209 HIGH POC THREAT Act Now

Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway;. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.1%.

RCE Buffer Overflow Microsoft Mail Security For Microsoft Exchange Norton Power Eraser +16
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
29.1%
CVE-2016-5360 HIGH Act Now

HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 46.1% and no vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux Haproxy
NVD
CVSS 3.0
7.5
EPSS
46.1%
CVE-2016-4309 HIGH POC THREAT Act Now

Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 19.1%.

Race Condition Information Disclosure Symphony
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
19.1%
CVE-2016-5840 HIGH POC This Week

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Deep Discovery Inspector
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
7.1%
CVE-2016-5304 MEDIUM POC This Month

Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Endpoint Protection Manager
NVD Exploit-DB
CVSS 3.0
6.8
EPSS
7.1%
CVE-2016-3653 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Endpoint Protection Manager
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
0.2%
CVE-2016-4803 HIGH POC This Week

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Dotcms
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-3189 MEDIUM This Month

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.7% and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Bzip2 Python
NVD
CVSS 3.1
6.5
EPSS
23.7%
CVE-2016-2141 CRITICAL PATCH Act Now

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jgroups Jboss Enterprise Application Platform
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2016-2211 HIGH This Week

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Mail Security For Microsoft Exchange +17
NVD
CVSS 3.0
7.8
EPSS
9.7%
CVE-2016-3652 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Endpoint Protection Manager
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.9%
CVE-2016-5020 HIGH This Week

F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Wan Optimization Manager Big Ip Protocol Security Module Big Ip Application Acceleration Manager Big Ip Edge Gateway +10
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2016-3648 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-3650 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-5230 HIGH This Week

Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Mate 8 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-4474 HIGH This Week

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openstack
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-4472 HIGH PATCH This Week

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Libexpat Ubuntu Linux +2
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2016-3651 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.0
8.0
EPSS
1.5%
CVE-2016-5729 HIGH This Week

Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Lenovo Bios Efi Driver
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2016-5249 HIGH This Week

Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Lenovo Solution Center
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-5231 HIGH This Week

Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and delete. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Mate 8 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5301 HIGH This Week

The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Leap Opensuse Libtorrent
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2016-3647 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Endpoint Protection Manager
NVD
CVSS 3.0
7.7
EPSS
0.2%
CVE-2016-5368 HIGH This Week

Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Ar3200 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8899 HIGH This Week

Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Linux Dnsmasq
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-0349 MEDIUM This Month

IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Business Process Manager
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-4057 MEDIUM This Month

Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Fusioncompute
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-5232 MEDIUM This Month

Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Huawei Mate 8 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-5248 MEDIUM This Month

The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Solution Center
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-5305 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Endpoint Protection Manager
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2016-0322 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5306 MEDIUM This Month

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-4086 MEDIUM This Month

Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Huawei Hisuite
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-3649 MEDIUM This Month

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated administrators to enumerate administrator accounts via modified GET requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2016-5307 MEDIUM This Month

Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Endpoint Protection Manager
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2015-8801 LOW Monitor

Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations. Rated low severity (CVSS 2.9). No vendor patch available.

Authentication Bypass Endpoint Protection Manager
NVD
CVSS 3.0
2.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy