Skip to main content
CVE-2016-8582 CRITICAL POC THREAT Emergency

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.5%.

PHP SQLi Open Source Security Information And Event Management Unified Security Management
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.5%
Threat
5.9
CVE-2016-8581 MEDIUM POC THREAT This Month

A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.2%.

XSS Open Source Security Information And Event Management Unified Security Management
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
68.2%
Threat
4.8
CVE-2016-8580 CRITICAL POC THREAT Emergency

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

RCE PHP Authentication Bypass Open Source Security Information And Event Management Unified Security Management
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
12.6%
CVE-2016-8339 CRITICAL POC PATCH Act Now

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis Memory Corruption Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2016-8331 HIGH POC This Week

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Libtiff
NVD
CVSS 3.0
8.1
EPSS
6.2%
CVE-2016-8335 HIGH POC This Week

An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK - Linux x64 and Version 6.6.04 (Nov 14 2014) NK - Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Microsoft Argus
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2016-8333 HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus version 6.6.04 A specially crafted pdf file can cause a buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Argus
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2016-8332 HIGH POC This Week

A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Openjpeg
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-8600 HIGH POC This Week

In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dotcms
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-7919 HIGH POC This Week

Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Moodle
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2016-9017 HIGH POC This Week

Artifex Software, Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Mujs
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-8598 CRITICAL PATCH Act Now

Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Libcsp
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2016-8597 CRITICAL PATCH Act Now

Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Libcsp
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2016-8596 CRITICAL PATCH Act Now

Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Libcsp
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2016-6397 CRITICAL Act Now

A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Ip Interoperability And Collaboration System
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2016-9018 MEDIUM POC This Month

Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Realplayer
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
1.4%
CVE-2016-9028 HIGH This Week

Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Netscaler Application Delivery Controller Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-4396 HIGH This Week

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow System Management Homepage
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2016-4395 HIGH This Week

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow System Management Homepage
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2016-6360 HIGH This Week

A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Email Security Appliance Web Security Appliance
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2016-6358 HIGH This Week

A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Email Security Appliance
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-6356 HIGH This Week

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Email Security Appliance
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-1486 HIGH This Week

A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Email Security Appliance
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-1481 HIGH This Week

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Email Security Appliance
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-8867 HIGH This Week

Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Privilege Escalation
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-1480 HIGH This Week

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Email Security Appliance
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-6372 HIGH This Week

A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Email Security Appliance Web Security Appliance Web Security Appliance 8 0 5
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-6357 HIGH This Week

A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Email Security Appliance
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-4394 MEDIUM This Month

HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure System Management Homepage
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-8871 MEDIUM This Month

In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Botan
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-8889 MEDIUM PATCH This Month

In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Bitcoin Knots
NVD GitHub
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-1423 MEDIUM This Month

A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Email Security Appliance
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-8583 MEDIUM This Month

Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Source Security Information And Event Management Unified Security Management
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4393 MEDIUM This Month

HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS System Management Homepage
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-8579 MEDIUM PATCH This Month

docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Docker2Aci
NVD GitHub
CVSS 3.0
4.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy