Skip to main content
CVE-2016-2539 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Atutor
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
0.1%
CVE-2015-7599 HIGH This Week

Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow RCE Denial Of Service Vxworks
NVD
CVSS 3.0
8.1
EPSS
8.2%
CVE-2015-8322 HIGH PATCH This Week

NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Data Ontap
NVD
CVSS 3.0
8.8
EPSS
2.3%
CVE-2016-1894 HIGH PATCH This Week

NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oncommand Workflow Automation
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2016-3180 HIGH This Week

Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Tor Browser Launcher
NVD GitHub
CVSS 3.0
8.1
EPSS
0.7%
CVE-2016-1504 HIGH PATCH This Week

dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Dhcpcd
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2016-6131 HIGH PATCH This Week

The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libiberty
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2016-2779 HIGH This Week

runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Util Linux
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2014-9914 HIGH PATCH This Week

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Race Condition Linux Linux Kernel Android
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-10044 HIGH PATCH This Week

The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Privilege Escalation Linux Kernel Android
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-6104 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE IBM File Upload Security Key Lifecycle Manager
NVD
CVSS 3.0
7.2
EPSS
2.4%
CVE-2016-3063 HIGH PATCH This Week

Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Oncommand System Manager
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-7164 HIGH PATCH This Week

The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libtorrent
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-4341 HIGH PATCH This Week

NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8544 HIGH This Week

NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Snapdrive
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-1502 HIGH PATCH This Week

NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Snapcenter Server
NVD
CVSS 3.0
7.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy