Skip to main content
CVE-2016-6855 HIGH POC PATCH This Week

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Buffer Overflow Fedora Leap +3
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
4.0%
CVE-2016-5422 HIGH PATCH This Week

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Red Hat Privilege Escalation Jboss Operations Network
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-7034 HIGH This Week

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Red Hat Jboss Bpm Suite
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-6262 HIGH PATCH This Week

idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Libidn Ubuntu Linux Leap +1
NVD
CVSS 3.0
7.5
EPSS
4.7%
CVE-2015-8948 HIGH PATCH This Week

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Leap Opensuse Ubuntu Linux +1
NVD
CVSS 3.0
7.5
EPSS
4.1%
CVE-2016-6318 HIGH This Week

Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Cracklib Leap +1
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2016-6261 HIGH PATCH This Week

The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow Leap Libidn +1
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2016-6263 HIGH PATCH This Week

The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow Libidn
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2016-6346 HIGH PATCH This Week

RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Resteasy
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-6876 HIGH This Week

The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Webaccelerator Big Ip Application Acceleration Manager Big Ip Global Traffic Manager +10
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-6317 HIGH PATCH This Week

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Rails
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-7107 HIGH This Week

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote attackers to reset arbitrary user passwords and consequently affect system data integrity via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Uma
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-6899 HIGH This Week

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Rh5885 V3 Server Firmware Rh1288 V3 Server Firmware Rh2288 V3 Server Firmware +4
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-6838 HIGH This Week

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei Rh1288 V3 Server Firmware Rh2288 V3 Server Firmware X6800 V3 Server Firmware +6
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-6182 HIGH This Week

The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Honor 4C Firmware
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-6179 HIGH This Week

The WiFi driver in Huawei Honor 6 smartphones with software H60-L01 before H60-L01C00B850, H60-L11 before H60-L11C00B850, H60-L21 before H60-L21C00B850, H60-L02 before H60-L02C00B850, H60-L12 before. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Honor 6 Firmware
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-6184 HIGH This Week

The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Honor 4C Firmware
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-6183 HIGH This Week

The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Honor 4C Firmware
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-6181 HIGH This Week

The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Honor 4C Firmware
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-6180 HIGH This Week

The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Honor 4C Firmware
NVD
CVSS 3.0
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy