Skip to main content
CVE-2016-5427 HIGH Act Now

PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 85.5% and no vendor patch available.

Denial Of Service Authoritative
NVD GitHub
CVSS 3.0
7.5
EPSS
85.5%
Threat
4.1
CVE-2016-6354 CRITICAL PATCH Act Now

Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.7%.

Denial Of Service RCE Buffer Overflow Debian Linux Flex
NVD GitHub
CVSS 3.0
9.8
EPSS
37.7%
CVE-2016-5426 HIGH PATCH Act Now

PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.0%.

Denial Of Service Authoritative
NVD GitHub
CVSS 3.0
7.5
EPSS
37.0%
CVE-2016-5017 HIGH POC This Week

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Apache Zookeeper
NVD
CVSS 3.0
8.1
EPSS
6.1%
CVE-2016-5418 HIGH POC PATCH This Week

The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Workstation +6
NVD GitHub
CVSS 3.0
7.5
EPSS
5.2%
CVE-2015-8960 HIGH POC This Week

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Transport Layer Security Clustered Data Ontap Antivirus Connector Data Ontap Edge Host Agent +9
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2016-4301 HIGH POC PATCH This Week

Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Libarchive
NVD GitHub
CVSS 3.0
7.8
EPSS
1.4%
CVE-2016-4302 HIGH POC PATCH This Week

Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +5
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2016-4300 HIGH POC PATCH This Week

Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Buffer Overflow Libarchive Enterprise Linux Desktop +6
NVD GitHub
CVSS 3.0
7.8
EPSS
0.9%
CVE-2016-7163 HIGH POC PATCH This Week

Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Buffer Overflow Openjpeg Debian Linux +7
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2016-5844 MEDIUM POC PATCH This Month

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Libarchive Enterprise Linux Desktop Enterprise Linux Hpc Node +7
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2016-0917 CRITICAL Act Now

The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Vnx1 Oe Firmware Vnx2 Oe Firmware Vnxe Oe Firmware
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2016-4965 HIGH This Week

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP Fortinet Fortiwan
NVD
CVSS 3.0
8.8
EPSS
7.7%
CVE-2016-6530 CRITICAL Act Now

Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cdr Dicom
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2016-4464 CRITICAL PATCH Act Now

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Authentication Bypass Cxf Fediz
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2015-8871 CRITICAL PATCH Act Now

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Debian Linux Openjpeg
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2016-0903 CRITICAL Act Now

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avamar Server
NVD
CVSS 3.0
9.1
EPSS
1.1%
CVE-2016-4384 HIGH PATCH This Week

HPE Performance Center before 12.50 and LoadRunner before 12.50 allow remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Loadrunner Performance Center
NVD
CVSS 3.0
8.6
EPSS
2.9%
CVE-2016-6250 HIGH PATCH This Week

Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Denial Of Service Linux +1
NVD GitHub
CVSS 3.0
8.6
EPSS
1.7%
CVE-2016-6801 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Apache Jackrabbit Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-0904 HIGH This Week

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avamar Server
NVD
CVSS 3.0
8.6
EPSS
0.2%
CVE-2016-4382 HIGH This Week

HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure". Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Performance Center
NVD
CVSS 3.0
8.3
EPSS
0.2%
CVE-2016-7143 HIGH PATCH This Week

The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Debian Linux Charybdis
NVD GitHub
CVSS 3.0
8.1
EPSS
1.0%
CVE-2016-7092 HIGH PATCH This Week

The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Privilege Escalation Xen
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2016-7093 HIGH PATCH This Week

Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Privilege Escalation Xen
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2016-4809 HIGH PATCH This Week

The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Workstation +5
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%
CVE-2016-3632 HIGH PATCH This Week

The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Memory Corruption Buffer Overflow RCE Libtiff +1
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-3991 HIGH PATCH This Week

Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Vm Server Libtiff
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-3990 HIGH PATCH This Week

Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Libtiff Vm Server
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2016-3945 HIGH PATCH This Week

Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Denial Of Service Libtiff +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-0920 HIGH This Week

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Avamar Server
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6159 HIGH This Week

The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Huawei Authentication Bypass Ws331A Router Firmware
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-4968 MEDIUM This Month

The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortiwan
NVD
CVSS 3.0
6.5
EPSS
3.5%
CVE-2016-4966 MEDIUM This Month

The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet PHP Authentication Bypass Fortiwan
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2016-4967 MEDIUM This Month

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Fortinet Fortiwan
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2016-7154 MEDIUM PATCH This Month

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption RCE Use After Free Xen
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2016-0905 MEDIUM This Month

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Avamar Server
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2016-0921 MEDIUM This Month

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Avamar Server
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2016-4969 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Fortinet Fortiwan
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2016-6158 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Huawei Ws331A Router Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-7166 MEDIUM PATCH This Month

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus Enterprise Linux Server +5
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-0925 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rsa Adaptive Authentication On Premise
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-7094 MEDIUM PATCH This Month

Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. Rated medium severity (CVSS 4.1).

Denial Of Service Buffer Overflow Xen
NVD
CVSS 3.0
4.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy