Skip to main content
CVE-2016-6174 HIGH POC THREAT Act Now

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 19.8%.

RCE PHP Invision Power Board
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
19.8%
CVE-2016-4503 CRITICAL Act Now

Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Device Server Web Console 5232 N Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2016-4533 HIGH This Week

Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Levistudiou
NVD
CVSS 3.1
7.8
EPSS
8.3%
CVE-2016-5774 HIGH This Week

The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Packetshaper S Series
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-5781 HIGH This Week

Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Levistudio
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2016-4994 HIGH PATCH This Week

Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption RCE Use After Free Gimp
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2016-4831 HIGH This Week

Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Line Line Installer
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-4985 HIGH PATCH This Week

The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Openstack Openstack Ironic
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-5009 MEDIUM This Month

The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ceph Storage Mon Ceph Storage Osd Enterprise Linux Desktop Enterprise Linux For Scientific Computing +3
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2016-5308 MEDIUM This Month

The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Client Intrusion Detection System
NVD
CVSS 3.0
5.5
EPSS
2.5%
CVE-2016-2205 MEDIUM This Month

Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Workspace Streaming Workspace Virtualization
NVD
CVSS 3.0
5.7
EPSS
0.4%
CVE-2015-3192 MEDIUM PATCH This Month

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Java Spring Framework Fedora
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2016-2206 MEDIUM This Month

The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Workspace Streaming Workspace Virtualization
NVD
CVSS 3.0
5.7
EPSS
0.2%
CVE-2016-4428 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Horizon Openstack Debian Linux
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2016-2219 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the management interface in Palo Alto Networks PAN-OS 7.x before 7.0.8 allows remote authenticated users to inject arbitrary web script or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5850 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Huawei Public Cloud Solution
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2016-1445 MEDIUM This Month

Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Adaptive Security Appliance Software
NVD
CVSS 3.1
5.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy