Skip to main content
CVE-2016-4463 HIGH POC THREAT Act Now

Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.3%.

Denial Of Service Buffer Overflow Apache Xerces C Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
38.3%
Threat
4.2
CVE-2016-0315 HIGH This Week

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Jazz Reporting Service
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-2889 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM CSRF Jazz Reporting Service
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-0271 HIGH This Week

The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Privilege Escalation Urbancode Deploy
NVD
CVSS 3.0
8.2
EPSS
0.0%
CVE-2016-4324 HIGH This Week

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Debian Linux Libreoffice Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2016-0287 HIGH This Week

IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Microsoft I Access
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2945 HIGH This Week

The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Websphere Application Server
NVD
CVSS 3.0
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy