Skip to main content
CVE-2016-6305 HIGH POC THREAT Act Now

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.9%.

Denial Of Service OpenSSL
NVD GitHub
CVSS 3.0
7.5
EPSS
24.9%
CVE-2016-7098 HIGH POC This Week

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Authentication Bypass Wget
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
6.7%
CVE-2016-6142 HIGH POC This Week

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SAP Code Injection Hana
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-7162 HIGH POC PATCH This Week

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ubuntu Linux File Roller
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2016-6304 HIGH PATCH Act Now

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.0%.

Denial Of Service OpenSSL Node Js Suse Linux Enterprise Module For Web Scripting
NVD
CVSS 3.1
7.5
EPSS
18.0%
CVE-2016-7052 HIGH PATCH This Week

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Null Pointer Dereference Suse Linux Enterprise Module For Web Scripting Node Js
NVD
CVSS 3.1
7.5
EPSS
9.9%
CVE-2016-5963 HIGH PATCH This Week

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not properly validate updates, which allows remote authenticated users to execute arbitrary code via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM RCE Authentication Bypass Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2016-5406 HIGH This Week

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2016-3007 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM CSRF Connections
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-3110 HIGH PATCH This Week

mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Red Hat Denial Of Service Apache Jboss Enterprise Application Platform Jboss Enterprise Web Server +1
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2016-6276 HIGH This Week

Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Citrix Privilege Escalation Linux Virtual Delivery Agent
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6518 HIGH This Week

Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and S12700 devices allows remote attackers to cause a denial of service (memory consumption and restart) via a large number of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei S5300 Firmware S12700 Firmware S6300 Firmware +5
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5957 HIGH PATCH This Week

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5996 HIGH This Week

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Tealeaf Customer Experience
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5971 HIGH PATCH This Week

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Denial Of Service XXE Information Disclosure Security Privileged Identity Manager Virtual Appliance
NVD
CVSS 3.0
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy