Skip to main content
CVE-2016-5661 HIGH This Week

Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Civic Platform Citizen Access Portal
NVD
CVSS 3.0
8.8
EPSS
5.7%
CVE-2016-1446 HIGH This Week

SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Webex Meetings Server
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-5637 HIGH This Week

The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enable_flag value, which allows remote attackers to execute arbitrary code or cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Libbpg
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-4529 HIGH PATCH This Week

An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric RCE Somachine Hvac Firmware
NVD
CVSS 3.1
7.3
EPSS
4.3%
CVE-2016-5807 HIGH This Week

Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Lighthouse Sms
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-5790 HIGH This Week

Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to bypass authentication and restart the software via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lighthouse Sms
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2016-1456 HIGH This Week

The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Cisco Ios Xr
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-1426 HIGH This Week

Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-1450 HIGH This Week

Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Code Injection Webex Meetings Server
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-1977 HIGH This Week

Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Path Traversal Information Disclosure Tivoli Directory Server Security Directory Server
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-0340 HIGH This Week

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

IBM Authentication Bypass Security Identity Manager Adapter
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2016-0330 HIGH This Week

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Identity Manager Adapter
NVD
CVSS 3.0
7.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy