Skip to main content
CVE-2016-1240 HIGH POC THREAT Act Now

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 22.1%.

Tomcat Information Disclosure Ubuntu Debian Java
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
22.1%
CVE-2016-1243 CRITICAL PATCH Act Now

Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 27.7%.

RCE Buffer Overflow Debian Linux Unadf
NVD
CVSS 3.0
9.8
EPSS
27.7%
CVE-2016-5700 CRITICAL POC Act Now

Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Big Ip Policy Enforcement Manager Big Ip Local Traffic Manager Big Ip Websafe +5
NVD
CVSS 3.0
9.8
EPSS
5.6%
CVE-2016-5180 CRITICAL Act Now

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.2% and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow RCE C Ares +3
NVD
CVSS 3.1
9.8
EPSS
18.2%
CVE-2016-7445 HIGH POC PATCH This Week

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Openjpeg Leap
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2016-3623 HIGH POC This Week

The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Opensuse
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2016-6352 HIGH POC This Week

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Ubuntu Linux Gdk Pixbuf +2
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2016-3624 HIGH POC This Week

The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) by setting the "-v" option to -1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Libtiff
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-3620 HIGH POC This Week

The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c zip" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libtiff
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-7031 HIGH POC PATCH This Week

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ceph Ceph Storage
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-5019 CRITICAL PATCH Act Now

CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Apache Myfaces Trinidad
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2016-4436 CRITICAL PATCH Act Now

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apache Struts
NVD
CVSS 3.0
9.8
EPSS
5.7%
CVE-2016-1244 HIGH PATCH This Week

The extractTree function in unADF allows remote attackers to execute arbitrary code via shell metacharacters in a directory name in an adf file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Unadf Debian Linux
NVD
CVSS 3.0
8.8
EPSS
10.0%
CVE-2016-3619 MEDIUM POC This Month

The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c none" option is used, allows remote attackers to cause a denial of service (buffer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libtiff
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2016-3622 MEDIUM POC This Month

The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-7405 CRITICAL PATCH Act Now

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Adodb Fedora
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2016-8276 CRITICAL Act Now

Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Huawei Usg2100 +3
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2016-1372 MEDIUM POC This Month

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Clamav Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-1371 MEDIUM POC This Month

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Ubuntu Linux Clamav
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2015-1832 CRITICAL PATCH Act Now

XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE Java Apache Derby
NVD
CVSS 3.0
9.1
EPSS
0.8%
CVE-2016-3621 HIGH This Week

The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the "-c lzw" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libtiff
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-7401 HIGH PATCH This Week

The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Python Google Ubuntu Linux Django +1
NVD
CVSS 3.0
7.5
EPSS
4.4%
CVE-2013-4118 HIGH PATCH This Week

FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Freerdp Leap Opensuse
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2013-4119 HIGH PATCH This Week

FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Freerdp
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-3658 HIGH This Week

The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libtiff
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-3631 HIGH This Week

The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libtiff
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-3634 HIGH This Week

The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libtiff
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-7141 HIGH PATCH This Week

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Leap Libcurl
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-3633 HIGH This Week

The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libtiff
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-8278 HIGH This Week

Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service (device restart) via an unspecified URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Usg9520 Usg9560 Usg9580
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-6905 MEDIUM PATCH This Month

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow Libgd Leap +1
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2016-8280 MEDIUM This Month

Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Huawei Esight
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2016-7046 MEDIUM PATCH This Month

Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Red Hat Denial Of Service Jboss Enterprise Application Platform
NVD
CVSS 3.0
5.9
EPSS
4.1%
CVE-2016-3625 MEDIUM This Month

tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow Libtiff
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-8277 MEDIUM This Month

Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Huawei Usg9520 Usg9560 Usg9580
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-7571 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Drupal
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-6494 MEDIUM PATCH This Month

The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure MongoDB Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-5398 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Red Hat Jboss Bpm Suite
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8085 MEDIUM This Month

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei S9300 Firmware S12700 Firmware Quidway S9300 Firmware +4
NVD
CVSS 3.0
4.9
EPSS
0.0%
CVE-2015-8086 MEDIUM This Month

Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Huawei Quidway S5300 Firmware Quidway S9300 Firmware S5700 Firmware +4
NVD
CVSS 3.0
4.9
EPSS
0.0%
CVE-2016-7442 MEDIUM This Month

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Unified Threat Management Software
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2016-7397 MEDIUM This Month

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the SMTP user settings in. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Sophos Information Disclosure Unified Threat Management Software
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2016-7570 MEDIUM PATCH This Month

Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Drupal
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2016-7572 MEDIUM PATCH This Month

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Drupal
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2016-5432 LOW PATCH Monitor

The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Red Hat Information Disclosure Enterprise Virtualization
NVD
CVSS 3.0
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy