Skip to main content
CVE-2016-6351 MEDIUM This Month

The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), when built with ESP/NCR53C9x controller emulation support, allows local guest OS administrators to cause a denial of service. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Qemu Ubuntu Linux +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2016-6898 MEDIUM This Month

XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service XXE Huawei Authentication Bypass E9000 Chassis
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2016-5404 MEDIUM PATCH This Month

The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Freeipa Linux Fedora
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-7108 MEDIUM This Month

Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 allows remote authenticated users to obtain the MD5 hashes of arbitrary user passwords via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Uma
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-6345 MEDIUM PATCH This Month

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Resteasy
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-6316 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Rails Ruby On Rails Debian Linux
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2016-7033 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Red Hat Jboss Bpm Suite
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6839 MEDIUM This Month

CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Huawei Fusionaccess
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-6900 MEDIUM This Month

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Huawei Rh1288 V3 Server Firmware Rh2288 V3 Server Firmware Rh2288H V3 Server Firmware +4
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-6344 MEDIUM This Month

Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss Bpm Suite
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-1241 MEDIUM PATCH This Month

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tryton
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-6670 MEDIUM This Month

Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Huawei S12700 S9700 Firmware S7700 Firmware +1
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-1242 MEDIUM PATCH This Month

file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tryton
NVD
CVSS 3.0
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy