Skip to main content
CVE-2017-2767 CRITICAL Act Now

EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.8% and no vendor patch available.

RCE Authentication Bypass Java Smarts Network Configuration Manager
NVD
CVSS 3.0
9.8
EPSS
10.8%
CVE-2017-2768 CRITICAL Act Now

EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smarts Network Configuration Manager
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-2766 CRITICAL PATCH Act Now

EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Documentum Eroom
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-6500 HIGH This Week

Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Java Racf Connector
NVD
CVSS 3.0
8.1
EPSS
1.9%
CVE-2016-8211 HIGH This Week

EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emc Data Protection Advisor
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2016-9108 HIGH This Week

Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Fedora Mujs
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2016-8212 HIGH This Week

An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Crypto J
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2016-9871 HIGH This Week

EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Isilon Onefs
NVD
CVSS 3.0
7.2
EPSS
0.5%
CVE-2016-10165 HIGH PATCH This Week

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Little Cms Color Engine Ubuntu Linux +17
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2017-3812 MEDIUM This Month

A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Industrial Ethernet 2000 Series Firmware
NVD
CVSS 3.0
6.8
EPSS
0.7%
CVE-2015-4049 MEDIUM This Month

Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Mcp Firmware
NVD
CVSS 3.0
6.8
EPSS
0.7%
CVE-2017-3824 MEDIUM This Month

A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Apple Cisco Ios Xe
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2016-6188 MEDIUM PATCH This Month

Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Sogo
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2016-6649 MEDIUM This Month

EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Recoverpoint Recoverpoint For Virtual Machines
NVD VulDB
CVSS 3.0
6.7
EPSS
0.4%
CVE-2016-8216 MEDIUM This Month

EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Privilege Escalation Emc Data Domain Os
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2017-3820 MEDIUM This Month

A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple Cisco Ios Xe
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-0890 MEDIUM This Month

EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Powerpath Virtual Appliance
NVD
CVSS 3.0
6.4
EPSS
0.4%
CVE-2016-9873 MEDIUM This Month

EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Documentum D2
NVD
CVSS 3.0
6.3
EPSS
0.6%
CVE-2016-0919 MEDIUM This Month

EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Web Threat Detection
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-9872 MEDIUM This Month

EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Documentum D2
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-3809 MEDIUM This Month

A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Secure Firewall Management Center
NVD
CVSS 3.0
5.8
EPSS
0.3%
CVE-2017-3814 MEDIUM This Month

A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Secure Firewall Management Center
NVD
CVSS 3.0
5.8
EPSS
0.2%
CVE-2017-3818 MEDIUM This Month

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Email Security Appliance Firmware
NVD
CVSS 3.0
5.8
EPSS
0.2%
CVE-2016-8569 MEDIUM PATCH This Month

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libgit2 Fedora Leap +2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-8568 MEDIUM PATCH This Month

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Fedora Leap +3
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-5241 MEDIUM PATCH This Month

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux Leap Opensuse
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-4571 MEDIUM This Month

The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mini Xml Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2016-4570 MEDIUM This Month

The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mini Xml Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2016-4797 MEDIUM PATCH This Month

Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Openjpeg Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-4796 MEDIUM PATCH This Month

Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Openjpeg Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-2317 MEDIUM This Month

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Graphicsmagick Debian Linux Linux Enterprise Debuginfo +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-2318 MEDIUM This Month

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Graphicsmagick Debian Linux Linux Enterprise Debuginfo +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-9082 MEDIUM This Month

Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Cairo
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-6163 MEDIUM PATCH This Month

The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Librsvg
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-5115 MEDIUM This Month

The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libavformat
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-4352 MEDIUM This Month

Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Libavformat
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-9642 MEDIUM This Month

JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted Javascript file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apple Information Disclosure Webkit
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-3183 MEDIUM PATCH This Month

The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Openjpeg
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-3810 MEDIUM This Month

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Cisco Prime Service Catalog
NVD
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-3822 MEDIUM This Month

A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-3806 MEDIUM This Month

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Firepower Threat Defense
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2016-6648 MEDIUM This Month

EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Recoverpoint Recoverpoint For Virtual Machines
NVD VulDB
CVSS 3.0
4.4
EPSS
0.1%
CVE-2016-8217 LOW Monitor

EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Bsafe Crypto J
NVD
CVSS 3.1
3.7
EPSS
0.3%
CVE-2016-9085 LOW PATCH Monitor

Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Libwebp Fedora
NVD
CVSS 3.1
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy