Skip to main content
CVE-2017-3791 CRITICAL Act Now

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.2% and no vendor patch available.

Cisco Authentication Bypass Cisco Prime Home
NVD
CVSS 3.0
10.0
EPSS
12.2%
CVE-2016-6082 CRITICAL PATCH Act Now

IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption IBM Use After Free RCE Bigfix Platform
NVD
CVSS 3.0
10.0
EPSS
7.4%
CVE-2016-10164 CRITICAL PATCH Act Now

Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Denial Of Service Libxpm
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2017-3792 CRITICAL Act Now

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Cisco Telepresence Mcu Software
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-8938 CRITICAL PATCH Act Now

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass File Upload Urbancode Deploy
NVD
CVSS 3.0
10.0
EPSS
0.8%
CVE-2016-6090 CRITICAL PATCH Act Now

IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Websphere Commerce
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2016-5964 CRITICAL PATCH Act Now

IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Authentication Bypass Security Privileged Identity Manager
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-2908 CRITICAL PATCH Act Now

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service XXE IBM Security Access Manager 9 0 Firmware Security Access Manager For Mobile 8 0 Firmware +1
NVD
CVSS 3.0
9.1
EPSS
0.9%
CVE-2016-8491 CRITICAL Act Now

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fortinet Fortiwlc
NVD
CVSS 3.0
9.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy