Skip to main content
CVE-2016-6855 HIGH POC PATCH This Week

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Buffer Overflow Fedora Leap +3
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
4.0%
CVE-2016-5022 CRITICAL Act Now

F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Big Ip Link Controller Big Ip Policy Enforcement Manager Big Ip Access Policy Manager +19
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2016-7110 CRITICAL Act Now

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7109. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Huawei Code Injection Uma
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2016-7109 CRITICAL Act Now

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows remote attackers to execute arbitrary commands via "special characters," a different vulnerability than CVE-2016-7110. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Huawei Code Injection Uma
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2016-6825 CRITICAL Act Now

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Rh1288 V3 Server Firmware Rh2288 V3 Server Firmware Rh2288H V3 Server Firmware +3
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-5422 HIGH PATCH This Week

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Red Hat Privilege Escalation Jboss Operations Network
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-7034 HIGH This Week

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Red Hat Jboss Bpm Suite
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-6262 HIGH PATCH This Week

idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Libidn Ubuntu Linux Leap +1
NVD
CVSS 3.0
7.5
EPSS
4.7%
CVE-2015-8948 HIGH PATCH This Week

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Leap Opensuse Ubuntu Linux +1
NVD
CVSS 3.0
7.5
EPSS
4.1%
CVE-2016-6318 HIGH This Week

Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Cracklib Leap +1
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2016-6261 HIGH PATCH This Week

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow Leap Libidn +1
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2016-6263 HIGH PATCH This Week

The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow Libidn
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2016-6346 HIGH PATCH This Week

RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Resteasy
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-6876 HIGH This Week

The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Webaccelerator Big Ip Application Acceleration Manager Big Ip Global Traffic Manager +10
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-6317 HIGH PATCH This Week

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Rails
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-7107 HIGH This Week

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Uma
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-6899 HIGH This Week

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Rh5885 V3 Server Firmware Rh1288 V3 Server Firmware Rh2288 V3 Server Firmware +4
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-6838 HIGH This Week

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Rh1288 V3 Server Firmware Rh2288 V3 Server Firmware X6800 V3 Server Firmware +6
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-6182 HIGH This Week

The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Honor 4C Firmware
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-6179 HIGH This Week

The WiFi driver in Huawei Honor 6 smartphones with software H60-L01 before H60-L01C00B850, H60-L11 before H60-L11C00B850, H60-L21 before H60-L21C00B850, H60-L02 before H60-L02C00B850, H60-L12 before. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Honor 6 Firmware
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-6184 HIGH This Week

The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Honor 4C Firmware
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-6183 HIGH This Week

The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Honor 4C Firmware
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-6181 HIGH This Week

The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Honor 4C Firmware
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-6180 HIGH This Week

The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Honor 4C Firmware
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-6351 MEDIUM This Month

The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Qemu Ubuntu Linux +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2016-6898 MEDIUM This Month

XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service XXE Huawei Authentication Bypass E9000 Chassis
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2016-5404 MEDIUM PATCH This Month

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Freeipa Linux Fedora
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-7108 MEDIUM This Month

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Uma
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-6345 MEDIUM PATCH This Month

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Resteasy
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-6316 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Rails Ruby On Rails Debian Linux
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2016-7033 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Red Hat Jboss Bpm Suite
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6839 MEDIUM This Month

CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Huawei Fusionaccess
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-6900 MEDIUM This Month

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Huawei Rh1288 V3 Server Firmware Rh2288 V3 Server Firmware Rh2288H V3 Server Firmware +4
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-6344 MEDIUM This Month

Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss Bpm Suite
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-1241 MEDIUM PATCH This Month

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tryton
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-6670 MEDIUM This Month

Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei S12700 S9700 Firmware S7700 Firmware +1
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-1242 MEDIUM PATCH This Month

file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tryton
NVD
CVSS 3.0
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy