Skip to main content
CVE-2016-1546 MEDIUM PATCH This Month

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 41.5%.

Apache Denial Of Service Microsoft Http Server Apache HTTP Server
NVD
CVSS 3.0
5.9
EPSS
41.5%
CVE-2016-6170 MEDIUM POC PATCH THREAT This Month

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Denial Of Service Bind Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
13.0%
CVE-2016-4979 HIGH PATCH Act Now

The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and mod_ssl are enabled, does not properly recognize the "SSLVerifyClient require" directive for HTTP/2 request authorization, which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.4%.

Apache Authentication Bypass Http Server Apache HTTP Server
NVD GitHub
CVSS 3.0
7.5
EPSS
17.4%
CVE-2016-0906 HIGH This Week

The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Avamar
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-4507 MEDIUM This Month

SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bladecontrol Webvis
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2016-4508 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bladecontrol Webvis
NVD
CVSS 3.1
6.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy