Skip to main content
CVE-2016-6232 HIGH POC PATCH This Week

Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Ubuntu Linux Karchives
NVD
CVSS 3.0
7.5
EPSS
5.7%
CVE-2016-6185 HIGH POC This Week

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Perl Fedora Debian Linux Solaris +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-5229 CRITICAL Act Now

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian RCE Authentication Bypass Bamboo
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2016-6178 CRITICAL Act Now

Huawei NE40E and CX600 devices with software before V800R007SPH017; PTN 6900-2-M8 devices with software before V800R007SPH019; NE5000E devices with software before V800R006SPH018; and CloudEngine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Huawei Ne5000E Firmware Cloudengine 12800 Firmware +3
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2016-3737 CRITICAL Act Now

The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Red Hat RCE Jboss Operations Network
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-6258 HIGH PATCH This Week

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Authentication Bypass Xen Xenserver
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1238 HIGH This Week

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Debian Linux Fedora Perl Leap +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-2408 HIGH This Week

Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Microsoft Odyssey Access Client Pulse Secure Desktop +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6193 HIGH This Week

Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Buffer Overflow Huawei P8 Smartphone Firmware
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-1712 HIGH This Week

Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-6192 HIGH This Week

Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Buffer Overflow Huawei P8 Smartphone Firmware
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2016-6257 MEDIUM This Month

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Lenovo Firmware Km714 Firmware Km632 Firmware +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2016-6259 MEDIUM PATCH This Month

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Xen Xenserver
NVD
CVSS 3.0
6.2
EPSS
0.3%
CVE-2016-5403 MEDIUM PATCH This Month

The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ubuntu Linux Linux Vm Server Qemu +9
NVD
CVSS 3.1
5.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy