Skip to main content
CVE-2016-6305 HIGH POC THREAT Act Now

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.9%.

Denial Of Service OpenSSL
NVD GitHub
CVSS 3.0
7.5
EPSS
24.9%
CVE-2016-6309 CRITICAL Act Now

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 28.2% and no vendor patch available.

Memory Corruption Denial Of Service Use After Free RCE OpenSSL
NVD
CVSS 3.0
9.8
EPSS
28.2%
CVE-2016-4303 CRITICAL POC PATCH Act Now

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow Iperf3 Suse Package Hub For Suse Linux Enterprise +3
NVD GitHub
CVSS 3.1
9.8
EPSS
5.7%
CVE-2016-7098 HIGH POC This Week

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Authentication Bypass Wget
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
6.7%
CVE-2016-6142 HIGH POC This Week

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SAP Code Injection Hana
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-7162 HIGH POC PATCH This Week

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ubuntu Linux File Roller
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2016-6304 HIGH PATCH Act Now

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.0%.

Denial Of Service OpenSSL Node Js Suse Linux Enterprise Module For Web Scripting
NVD
CVSS 3.1
7.5
EPSS
18.0%
CVE-2016-4972 CRITICAL PATCH Act Now

OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Mitaka Murano Murano Murano Dashboard +1
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2016-6980 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Adobe Memory Corruption RCE Use After Free Digital Editions
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2016-6840 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Huawei Oceanstor Ism
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-6308 MEDIUM This Month

statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 19.4% and no vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 3.0
5.9
EPSS
19.4%
CVE-2016-7052 HIGH PATCH This Week

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Null Pointer Dereference Suse Linux Enterprise Module For Web Scripting Node Js
NVD
CVSS 3.1
7.5
EPSS
9.9%
CVE-2016-6913 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Open Source Security Information And Event Management Unified Security Management
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5963 HIGH PATCH This Week

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM RCE Authentication Bypass Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2016-5406 HIGH This Week

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2016-3007 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM CSRF Connections
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-6307 MEDIUM This Month

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 13.3% and no vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 3.0
5.9
EPSS
13.3%
CVE-2016-3110 HIGH PATCH This Week

mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Red Hat Denial Of Service Apache Jboss Enterprise Application Platform Jboss Enterprise Web Server +1
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2016-6153 MEDIUM PATCH CISA This Month

os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Sqlite Fedora Leap
NVD
CVSS 3.0
5.9
EPSS
0.0%
CVE-2016-6276 HIGH This Week

Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Citrix Privilege Escalation Linux Virtual Delivery Agent
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6518 HIGH This Week

Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei S5300 Firmware S12700 Firmware S6300 Firmware +5
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5957 HIGH PATCH This Week

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5996 HIGH This Week

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Tealeaf Customer Experience
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-6306 MEDIUM PATCH This Month

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Denial Of Service Information Disclosure Buffer Overflow Icewall Federation Agent +7
NVD
CVSS 3.1
5.9
EPSS
8.1%
CVE-2016-5971 HIGH PATCH This Week

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Denial Of Service XXE Information Disclosure Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
7.1
EPSS
0.4%
CVE-2016-5972 MEDIUM PATCH This Month

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-5977 MEDIUM This Month

Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Open Redirect Tealeaf Customer Experience
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-3040 MEDIUM PATCH This Month

IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

IBM Open Redirect Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-6172 MEDIUM PATCH This Month

PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Leap Opensuse Authoritative Server
NVD GitHub
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-5970 MEDIUM PATCH This Month

Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-5946 MEDIUM PATCH This Month

Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Path Traversal Information Disclosure Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-6901 MEDIUM This Month

Format string vulnerability in Huawei AR100, AR120, AR150, AR200, AR500, AR550, AR1200, AR2200, AR2500, AR3200, and AR3600 routers with software before V200R007C00SPC900 and NetEngine 16EX routers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Ar Firmware Netengine 16Ex Firmware
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2999 MEDIUM PATCH This Month

IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to obtain sensitive information via an unspecified brute-force attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-6038 MEDIUM This Month

Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Aix
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-6826 MEDIUM This Month

Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a denial of service (application crash) via a crafted compressed email attachment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass Anyoffice Secureapp
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-6827 MEDIUM This Month

Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Fusioncompute
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-5997 MEDIUM This Month

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Tealeaf Customer Experience
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-4993 MEDIUM PATCH This Month

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Red Hat Code Injection Jboss Enterprise Application Platform Jboss Wildfly Application Server
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2016-7142 MEDIUM This Month

The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Inspircd Debian Linux
NVD GitHub
CVSS 3.0
5.9
EPSS
0.1%
CVE-2016-5947 MEDIUM PATCH This Month

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Tivoli Storage Productivity Center Spectrum Control
NVD
CVSS 3.0
5.7
EPSS
0.2%
CVE-2016-8279 MEDIUM This Month

The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Authentication Bypass P8 Firmware Mate S Firmware +1
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3006 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3003 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-3001 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Connections
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5944 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM XSS Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5978 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Tealeaf Customer Experience
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5975 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Tealeaf Customer Experience
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5974 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5943 MEDIUM PATCH This Month

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Spectrum Control
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2016-5746 MEDIUM This Month

libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Libstorage Libstorage Ng Yast Storage Leap
NVD GitHub
CVSS 3.0
5.1
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy