Skip to main content
CVE-2016-6277 HIGH POC KEV PATCH THREAT Act Now

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Netgear CSRF
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
94.3%
Threat
7.6
CVE-2016-1000156 CRITICAL POC THREAT Emergency

Mailcwp remote file upload vulnerability incomplete fix v1.100. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.4%.

Command Injection File Upload Mailcwp
NVD
CVSS 3.0
9.8
EPSS
16.4%
Threat
4.0
CVE-2016-9192 HIGH Act Now

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM...

Cisco Privilege Escalation Microsoft
NVD GitHub
CVSS 3.0
7.8
EPSS
31.1%
Threat
4.5
CVE-2016-8733 HIGH POC This Week

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Privilege Escalation Smartos
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2016-9031 HIGH POC This Week

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. Rated high severity (CVSS 7.8). Public exploit code available and no vendor patch available.

Integer Overflow Privilege Escalation Smartos
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-9035 HIGH POC This Week

An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Buffer Overflow Smartos
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2016-9034 HIGH POC This Week

An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Buffer Overflow Smartos
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2016-9033 HIGH POC This Week

An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Buffer Overflow Smartos
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2016-9032 HIGH POC This Week

An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Buffer Overflow Smartos
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2014-8241 CRITICAL Act Now

XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Tigervnc Enterprise Linux Desktop Enterprise Linux Hpc Node +2
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-6468 HIGH This Week

A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Emergency Responder
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-3684 MEDIUM POC This Month

SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure SAP Download Manager
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-3685 MEDIUM POC This Month

SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Microsoft SAP Authentication Bypass Download Manager
NVD
CVSS 3.0
4.7
EPSS
0.0%
CVE-2016-9210 HIGH This Week

A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Unified Communications Manager
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2016-9203 HIGH This Week

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a reload of the ipsecmgr process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Buffer Overflow Microsoft Asr 5000 Series Software
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2016-6467 HIGH This Week

A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Switch could allow an unauthenticated, remote attacker to cause an unexpected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Asr 5000 Series Software
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2016-9211 HIGH This Week

A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Ons 15454 Sdh Multiservice Platform Software
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2016-9198 HIGH This Week

A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Identity Services Engine
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2016-9215 HIGH This Week

A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Cisco Ios Xr
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6470 HIGH This Week

A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Hybrid Media Service
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6449 HIGH This Week

A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Denial Of Service Fireamp Connector Endpoint Software
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6464 HIGH This Week

A vulnerability in the web management interface of the Cisco Unified Communications Manager IM and Presence Service could allow an unauthenticated, remote attacker to view information on web pages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Communications Manager Im And Presence Service
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2016-9201 HIGH This Week

A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to pass traffic that should otherwise have been dropped based. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-6469 HIGH This Week

A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Web Security Appliance
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-9212 HIGH This Week

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Web Security Appliance
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-9205 HIGH This Week

A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash, resulting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Denial Of Service Ios Xr
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-9193 HIGH This Week

A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Firesight System Software Secure Firewall Management Center
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-6474 HIGH This Week

A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Authentication Bypass iOS
NVD
CVSS 3.0
7.3
EPSS
0.3%
CVE-2016-9208 MEDIUM This Month

A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Emergency Responder
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2016-9199 MEDIUM This Month

A vulnerability in the Cisco application-hosting framework (CAF) of Cisco IOx could allow an authenticated, remote attacker to read arbitrary files on a targeted system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apple Cisco Iox
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-9207 MEDIUM This Month

A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Expressway
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2016-6471 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center running FireSIGHT System software could allow an authenticated, remote attacker to view the Remote Storage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Firesight System Software
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-9204 MEDIUM This Month

A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Nexus 1000V Intercloud Firmware
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-6473 MEDIUM This Month

A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-9206 MEDIUM This Month

A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-9214 MEDIUM This Month

Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine Software
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-9202 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Email Security Appliance
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-9200 MEDIUM This Month

A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Collaboration Assurance
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-1411 MEDIUM This Month

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Content Security Management Appliance Email Security Appliance Web Security Appliance
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-4443 MEDIUM PATCH This Month

Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Red Hat Information Disclosure Enterprise Virtualization
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-9209 MEDIUM This Month

A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated, remote attacker to download files that would normally be blocked. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco VMware Firepower Services For Adaptive Security Appliance
NVD
CVSS 3.0
4.3
EPSS
0.5%
CVE-2016-6465 MEDIUM This Month

A vulnerability in the content filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances and Cisco Web Security Appliances could allow an unauthenticated, remote attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Email Security Appliance
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy