Skip to main content
CVE-2016-4657 HIGH POC KEV THREAT Act Now

WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Memory Corruption Denial Of Service RCE Apple
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
77.1%
Threat
7.1
CVE-2016-4655 MEDIUM POC KEV THREAT This Month

The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Apple
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
81.7%
Threat
6.6
CVE-2016-4656 HIGH POC KEV THREAT Act Now

The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Memory Corruption Denial Of Service RCE Apple
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
66.7%
Threat
6.6
CVE-2016-5681 CRITICAL Emergency

Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 35.3% and no vendor patch available.

RCE D-Link Buffer Overflow Dir 868l Firmware Dir 822 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
35.3%
CVE-2016-4069 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Denial Of Service Leap Webmail
NVD GitHub
CVSS 3.0
8.8
EPSS
1.1%
CVE-2016-6369 HIGH This Week

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5673 HIGH This Week

UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Repeater
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2016-6231 MEDIUM This Month

Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple Information Disclosure Safe Browser
NVD
CVSS 3.0
5.9
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy