Skip to main content
CVE-2016-4971 HIGH POC PATCH THREAT Act Now

GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.0%.

Information Disclosure Wget Ubuntu Linux Solaris Pan Os
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
75.0%
Threat
5.5
CVE-2016-2207 HIGH POC THREAT Act Now

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

RCE Denial Of Service Microsoft Mail Security For Microsoft Exchange Norton Power Eraser +16
NVD Exploit-DB
CVSS 3.0
8.4
EPSS
50.2%
Threat
4.7
CVE-2016-3644 HIGH POC THREAT Act Now

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.0%.

Denial Of Service RCE Buffer Overflow Microsoft Norton Security +17
NVD Exploit-DB
CVSS 3.0
8.4
EPSS
29.0%
Threat
4.1
CVE-2016-3646 HIGH POC THREAT Act Now

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.0%.

RCE Denial Of Service Microsoft Norton Security Protection Engine +16
NVD Exploit-DB
CVSS 3.0
8.4
EPSS
26.0%
Threat
4.0
CVE-2016-2210 HIGH POC THREAT Act Now

Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.1%.

RCE Buffer Overflow Microsoft Mail Security For Microsoft Exchange Norton Power Eraser +16
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
29.1%
CVE-2016-2209 HIGH POC THREAT Act Now

Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway;. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.1%.

RCE Buffer Overflow Microsoft Mail Security For Microsoft Exchange Norton Power Eraser +16
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
29.1%
CVE-2016-5360 HIGH Act Now

HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause a denial of service (uninitialized memory access and crash) or possibly have unspecified other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 46.1% and no vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux Haproxy
NVD
CVSS 3.0
7.5
EPSS
46.1%
CVE-2016-4309 HIGH POC THREAT Act Now

Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 19.1%.

Race Condition Information Disclosure Symphony
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
19.1%
CVE-2016-5840 HIGH POC This Week

hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Trend Micro Deep Discovery Inspector
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
7.1%
CVE-2016-3653 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to hijack the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Endpoint Protection Manager
NVD Exploit-DB
CVSS 3.0
8.0
EPSS
0.2%
CVE-2016-4803 HIGH POC This Week

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Dotcms
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-2211 HIGH This Week

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Mail Security For Microsoft Exchange +17
NVD
CVSS 3.0
7.8
EPSS
9.7%
CVE-2016-5020 HIGH This Week

F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Wan Optimization Manager Big Ip Protocol Security Module Big Ip Application Acceleration Manager Big Ip Edge Gateway +10
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2016-3648 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-3650 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-5230 HIGH This Week

Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Mate 8 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-4474 HIGH This Week

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openstack
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-4472 HIGH PATCH This Week

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Libexpat Ubuntu Linux +2
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2016-3651 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover the PHP JSESSIONID value via unspecified vectors. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Endpoint Protection Manager
NVD
CVSS 3.0
8.0
EPSS
1.5%
CVE-2016-5729 HIGH This Week

Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Lenovo Bios Efi Driver
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2016-5249 HIGH This Week

Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Lenovo Solution Center
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-5231 HIGH This Week

Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and delete. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Huawei Mate 8 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5301 HIGH This Week

The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Leap Opensuse Libtorrent
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2016-3647 HIGH This Week

Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Endpoint Protection Manager
NVD
CVSS 3.0
7.7
EPSS
0.2%
CVE-2016-5368 HIGH This Week

Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Ar3200 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8899 HIGH This Week

Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Linux Dnsmasq
NVD
CVSS 3.0
7.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy