Skip to main content
CVE-2016-9563 MEDIUM POC KEV THREAT This Month

BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java SAP XXE
NVD
CVSS 3.1
6.5
EPSS
58.4%
Threat
6.1
CVE-2016-1248 HIGH PATCH Act Now

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 15.9%.

RCE Vim Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
15.9%
CVE-2016-8673 HIGH This Week

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simatic S7 300 Cpu Firmware Simatic Cp 443 1 Firmware Simatic Cp 343 1 Firmware Simatic S7 400 Cpu Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-9562 HIGH This Week

SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Null Pointer Dereference Java Netweaver Application Server Java
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2016-9567 MEDIUM This Month

The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Samsung Mobile
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-8672 MEDIUM This Month

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Simatic Cp 343 1 Firmware Simatic S7 300 Cpu Firmware Simatic S7 400 Cpu Firmware Simatic Cp 443 1 Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy