Skip to main content
CVE-2016-6255 HIGH POC PATCH THREAT Act Now

Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.1%.

Authentication Bypass Debian Linux Libupnp
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
54.1%
Threat
4.6
CVE-2016-6240 HIGH POC This Week

Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Openbsd
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6241 HIGH POC This Week

Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Openbsd
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6244 HIGH POC This Week

The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openbsd
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-9726 HIGH PATCH This Week

IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Qradar Incident Forensics Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2016-8940 HIGH PATCH This Week

IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Storage Manager
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-9164 HIGH This Week

Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Unified Infrastructure Management
NVD
CVSS 3.0
7.5
EPSS
6.4%
CVE-2016-9727 HIGH PATCH This Week

IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

IBM Information Disclosure Qradar Incident Forensics Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.5
EPSS
0.4%
CVE-2016-9724 HIGH PATCH This Week

IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE IBM Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-9643 HIGH This Week

{-2,16} and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Webkit
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-9740 HIGH PATCH This Week

IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-4950 HIGH This Week

Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Manager
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-4949 HIGH This Week

Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Manager
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-5681 HIGH PATCH This Week

The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Intel OpenSSL Information Disclosure Quickassist Technology Engine
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-9728 HIGH PATCH This Week

IBM Qradar 7.2 is vulnerable to SQL injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi IBM Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-2636 HIGH PATCH This Week

Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. Rated high severity (CVSS 7.0).

Denial Of Service Race Condition Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2016-10200 HIGH PATCH This Week

Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind. Rated high severity (CVSS 7.0).

Denial Of Service Linux Privilege Escalation Linux Kernel Android
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy