Skip to main content
CVE-2016-5636 CRITICAL PATCH Act Now

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 45.1%.

Integer Overflow Python Buffer Overflow
NVD
CVSS 3.0
9.8
EPSS
45.1%
CVE-2016-5699 MEDIUM POC PATCH THREAT This Month

CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 41.7%.

Python Code Injection
NVD
CVSS 3.0
6.1
EPSS
41.7%
Threat
4.0
CVE-2016-6483 HIGH POC PATCH THREAT Act Now

The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.3%.

SSRF File Upload Vbulletin
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
16.3%
CVE-2016-1470 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cisco Small Business 220 Series Smart Plus Switches
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-0772 MEDIUM POC PATCH This Month

The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Authentication Bypass
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
7.6%
CVE-2016-1473 CRITICAL Act Now

Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which allows remote attackers to read or modify SNMP objects by leveraging knowledge of this community,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Small Business 220 Series Smart Plus Switches
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2016-1471 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cisco Small Business 220 Series Smart Plus Switches
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6893 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mailman
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-7123 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mailman
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-5879 HIGH This Week

MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell commands via a crafted (1) Disaster Recovery or (2) High Availability command. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Mq Appliance Firmware
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2016-4853 HIGH This Week

AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Happy Wardrobe
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-1472 HIGH This Week

The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to cause a denial of service (interface outage) via a crafted HTTP request,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Small Business 220 Series Smart Plus Switches
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-6376 MEDIUM This Month

The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and 8.3.x before 8.3.102.0 allows. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Wireless Lan Controller Wireless Lan Controller 6 0 Wireless Lan Controller 7 0 +3
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-4848 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Clipbucket
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-4851 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Let's PHP!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Simple Chat
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4952 MEDIUM PATCH This Month

QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Memory Corruption Buffer Overflow VMware Qemu +2
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-5106 MEDIUM PATCH This Month

The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest administrators to cause a denial of. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Memory Corruption Buffer Overflow Qemu Ubuntu Linux +1
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-5107 MEDIUM PATCH This Month

The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Qemu Ubuntu Linux +1
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-5105 MEDIUM PATCH This Month

The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy