Skip to main content
CVE-2016-6354 CRITICAL PATCH Act Now

Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.7%.

Denial Of Service RCE Buffer Overflow Debian Linux Flex
NVD GitHub
CVSS 3.0
9.8
EPSS
37.7%
CVE-2016-0917 CRITICAL Act Now

The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Privilege Escalation Vnx1 Oe Firmware Vnx2 Oe Firmware Vnxe Oe Firmware
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2016-6530 CRITICAL Act Now

Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cdr Dicom
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2016-4464 CRITICAL PATCH Act Now

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Authentication Bypass Cxf Fediz
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2015-8871 CRITICAL PATCH Act Now

Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Debian Linux Openjpeg
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2016-0903 CRITICAL Act Now

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Avamar Server
NVD
CVSS 3.0
9.1
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy