Skip to main content
CVE-2016-5844 MEDIUM POC PATCH This Month

Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Libarchive Enterprise Linux Desktop Enterprise Linux Hpc Node +7
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2016-4968 MEDIUM This Month

The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortiwan
NVD
CVSS 3.0
6.5
EPSS
3.5%
CVE-2016-4966 MEDIUM This Month

The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet PHP Authentication Bypass Fortiwan
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2016-4967 MEDIUM This Month

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfg_show.php or (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure Fortinet Fortiwan
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2016-7154 MEDIUM PATCH This Month

Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption RCE Use After Free Xen
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2016-0905 MEDIUM This Month

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Avamar Server
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2016-0921 MEDIUM This Month

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Avamar Server
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2016-4969 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Fortinet Fortiwan
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2016-6158 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Huawei Ws331A Router Firmware
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-7166 MEDIUM PATCH This Month

libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus Enterprise Linux Server +5
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-0925 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rsa Adaptive Authentication On Premise
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-7094 MEDIUM PATCH This Month

Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update. Rated medium severity (CVSS 4.1).

Denial Of Service Buffer Overflow Xen
NVD
CVSS 3.0
4.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy