Skip to main content
CVE-2016-6321 HIGH POC PATCH THREAT Act Now

Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.1%.

Path Traversal Tar
NVD
CVSS 3.1
7.5
EPSS
11.1%
CVE-2016-8858 HIGH PATCH Act Now

The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.9%.

Denial Of Service SSH
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
26.9%
CVE-2016-6829 CRITICAL PATCH Act Now

The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Barclamp Trove Crowbar Openstack
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2016-6496 CRITICAL Act Now

The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian RCE Java Crowd
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2016-9013 CRITICAL PATCH Act Now

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Oracle Python Authentication Bypass Django Ubuntu Linux +1
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2016-6501 CRITICAL Act Now

JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Artifactory
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2016-5423 HIGH PATCH This Week

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference RCE PostgreSQL Debian Linux
NVD
CVSS 3.0
8.3
EPSS
3.4%
CVE-2016-9014 HIGH PATCH This Week

Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Python Privilege Escalation Fedora Ubuntu Linux Django
NVD
CVSS 3.0
8.1
EPSS
3.0%
CVE-2016-6301 HIGH PATCH This Week

The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Busybox
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2016-5424 HIGH PATCH This Week

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PostgreSQL Debian Linux
NVD
CVSS 3.0
7.1
EPSS
1.7%
CVE-2015-8786 MEDIUM PATCH This Month

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Solaris Rabbitmq
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2016-6523 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Dotclear
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2016-9103 MEDIUM PATCH This Month

The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-9106 MEDIUM PATCH This Month

Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-9101 MEDIUM PATCH This Month

Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-9105 MEDIUM PATCH This Month

Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-9102 MEDIUM PATCH This Month

Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-9104 MEDIUM PATCH This Month

Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Qemu Debian Linux Leap
NVD
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy