Skip to main content
CVE-2017-3823 HIGH POC THREAT Act Now

An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.4%.

Buffer Overflow RCE Microsoft Google Cisco +8
NVD
CVSS 3.0
8.8
EPSS
80.4%
Threat
5.7
CVE-2016-10079 HIGH POC THREAT Act Now

SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.9%.

Denial Of Service Microsoft SAP Saplpd
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.9%
CVE-2017-5630 HIGH POC This Week

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pear
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
5.1%
CVE-2017-3791 CRITICAL Act Now

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.2% and no vendor patch available.

Cisco Authentication Bypass Cisco Prime Home
NVD
CVSS 3.0
10.0
EPSS
12.2%
CVE-2016-3053 HIGH POC This Week

IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

IBM Privilege Escalation Aix
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.0%
CVE-2016-10173 HIGH POC PATCH This Week

Directory traversal vulnerability in the minitar before 0.6 and archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Archive Tar Minitar Minitar
NVD GitHub
CVSS 3.0
7.5
EPSS
2.9%
CVE-2016-6082 CRITICAL PATCH Act Now

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption IBM Use After Free RCE Bigfix Platform
NVD
CVSS 3.0
10.0
EPSS
7.4%
CVE-2016-10164 CRITICAL PATCH Act Now

Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Denial Of Service Libxpm
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2017-3792 CRITICAL Act Now

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Cisco Telepresence Mcu Software
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-8938 CRITICAL PATCH Act Now

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass File Upload Urbancode Deploy
NVD
CVSS 3.0
10.0
EPSS
0.8%
CVE-2016-6090 CRITICAL PATCH Act Now

IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Websphere Commerce
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2016-5964 CRITICAL PATCH Act Now

IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Privileged Identity Manager
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-8921 HIGH This Week

IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE IBM File Upload Filenet Workplace Xt
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2016-6124 HIGH This Week

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE IBM File Upload Kenexa Lms On Cloud
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2016-2908 CRITICAL PATCH Act Now

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE IBM Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware +1
NVD
CVSS 3.0
9.1
EPSS
0.9%
CVE-2016-8932 HIGH PATCH This Week

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE IBM Authentication Bypass Kenexa Lms
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2016-8931 HIGH PATCH This Week

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE IBM Authentication Bypass Kenexa Lms
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2016-8491 CRITICAL Act Now

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiwlc
NVD
CVSS 3.0
9.1
EPSS
0.3%
CVE-2016-9225 HIGH This Week

A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asa Cx Context Aware Security Software
NVD
CVSS 3.0
8.6
EPSS
1.8%
CVE-2016-5952 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-3029 HIGH PATCH This Week

IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 8 0 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-8941 HIGH PATCH This Week

IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Spectrum Control Tivoli Storage Productivity Center
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-6045 HIGH PATCH This Week

IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Tivoli Storage Manager
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-5937 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Kenexa Lcms Premier
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-3790 HIGH This Week

A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Expressway Telepresence Video Communication Server
NVD
CVSS 3.0
8.6
EPSS
0.3%
CVE-2016-6105 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Key Lifecycle Manager
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-0396 HIGH PATCH This Week

IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

IBM Command Injection Bigfix Platform
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2016-8980 HIGH This Week

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service XXE IBM License Metric Tool Bigfix Inventory
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-6059 HIGH PATCH This Week

IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Infosphere Datastage Infosphere Information Server +1
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-6115 HIGH PATCH This Week

IBM General Parallel File System is vulnerable to a buffer overflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE IBM General Parallel File System Spectrum Scale
NVD
CVSS 3.0
7.2
EPSS
3.9%
CVE-2016-6065 HIGH PATCH This Week

IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Security Guardium
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5985 HIGH PATCH This Week

The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE IBM Tivoli Storage Manager
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-9739 HIGH PATCH This Week

IBM Security Identity Manager Virtual Appliance stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Authentication Bypass Security Identity Manager
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-4038 HIGH This Week

Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Information Disclosure Samsung Mobile
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-8919 HIGH PATCH This Week

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Websphere Application Server
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-8930 HIGH PATCH This Week

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lms
NVD
CVSS 3.0
7.6
EPSS
0.4%
CVE-2016-8928 HIGH PATCH This Week

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lms
NVD
CVSS 3.0
7.6
EPSS
0.4%
CVE-2016-6068 HIGH PATCH This Week

IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-9008 HIGH PATCH This Week

IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Urbancode Deploy
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5958 HIGH PATCH This Week

IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Privileged Identity Manager
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-3017 HIGH PATCH This Week

IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware Security Access Manager For Web 7 0 Firmware +1
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-2942 HIGH PATCH This Week

IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

IBM Authentication Bypass Urbancode Deploy
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-6042 HIGH PATCH This Week

IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE IBM Security Appscan
NVD
CVSS 3.0
7.3
EPSS
0.8%
CVE-2016-6043 HIGH PATCH This Week

Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced. Rated high severity (CVSS 7.0).

Session Fixation Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-6034 MEDIUM PATCH This Month

IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft IBM VMware Information Disclosure Tivoli Storage Manager For Virtual Environments Data Protection For Vmware
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2016-8933 MEDIUM PATCH This Month

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Kenexa Lms
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-8913 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Kenexa Lms On Cloud
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-6126 MEDIUM This Month

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Kenexa Lms On Cloud
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-3027 MEDIUM PATCH This Month

IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware +1
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-5994 MEDIUM PATCH This Month

IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.0
6.5
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy