Skip to main content
CVE-2016-8749 CRITICAL POC PATCH THREAT Act Now

Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.2%.

Deserialization Apache RCE Camel
NVD GitHub
CVSS 3.0
9.8
EPSS
12.2%
CVE-2014-6440 CRITICAL POC PATCH Act Now

VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service Vlc
NVD
CVSS 3.0
9.8
EPSS
5.3%
CVE-2016-9463 HIGH POC PATCH This Week

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Nextcloud Authentication Bypass Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
8.1
EPSS
3.9%
CVE-2016-9469 HIGH POC PATCH This Week

Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Gitlab Information Disclosure
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2017-0882 MEDIUM POC PATCH This Month

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Gitlab Authentication Bypass
NVD
CVSS 3.0
6.3
EPSS
0.2%
CVE-2016-9459 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud XSS Microsoft Information Disclosure Mozilla +2
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-9466 MEDIUM POC PATCH This Month

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Nextcloud Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-10152 CRITICAL PATCH Act Now

The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Hesiod
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-9125 CRITICAL PATCH Act Now

Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Revive Adserver
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2016-6807 CRITICAL PATCH Act Now

Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ambari
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-9124 CRITICAL PATCH Act Now

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Revive Adserver
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%
CVE-2016-9467 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
5.3
EPSS
1.0%
CVE-2016-9465 MEDIUM POC PATCH This Month

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nextcloud Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2016-9460 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Owncloud
NVD GitHub
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-9468 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-9121 CRITICAL PATCH Act Now

go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Jose
NVD GitHub
CVSS 3.0
9.1
EPSS
0.2%
CVE-2016-9470 CRITICAL PATCH Act Now

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Revive Adserver
NVD GitHub
CVSS 3.0
9.0
EPSS
0.5%
CVE-2016-9473 MEDIUM POC This Month

Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Apple Information Disclosure Browser
NVD GitHub
CVSS 3.1
4.7
EPSS
0.7%
CVE-2016-9456 HIGH PATCH This Week

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Revive Adserver
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-9127 HIGH PATCH This Week

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Revive Adserver
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-9455 HIGH PATCH This Week

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF PHP Revive Adserver
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-9461 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
4.3
EPSS
0.8%
CVE-2016-9462 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%
CVE-2016-9464 MEDIUM POC PATCH This Month

Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Authentication Bypass Nextcloud Server
NVD GitHub
CVSS 3.0
4.3
EPSS
0.3%
CVE-2017-6964 HIGH This Week

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Debian Information Disclosure Ubuntu Linux Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-9122 HIGH PATCH This Week

go-jose before 1.0.4 suffers from multiple signatures exploitation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Go Jose
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-9123 HIGH PATCH GHSA This Week

go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Authentication Bypass Go Jose
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-8031 HIGH PATCH This Week

Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Intel Privilege Escalation Anti Malware Scan Engine
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2017-7277 HIGH PATCH This Week

The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
7.1
EPSS
0.1%
CVE-2016-8884 MEDIUM PATCH This Month

The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Jasper Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-9472 MEDIUM PATCH This Month

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Revive Adserver
NVD GitHub
CVSS 3.0
5.4
EPSS
0.4%
CVE-2016-9454 MEDIUM PATCH This Month

Revive Adserver before 3.2.3 suffers from Persistent XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Revive Adserver
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9128 MEDIUM PATCH This Month

Revive Adserver before 3.2.3 suffers from reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Revive Adserver
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9130 MEDIUM PATCH This Month

Revive Adserver before 3.2.3 suffers from Persistent XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Revive Adserver
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9126 MEDIUM PATCH This Month

Revive Adserver before 3.2.3 suffers from persistent XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Revive Adserver
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-9457 MEDIUM PATCH This Month

Revive Adserver before 3.2.3 suffers from Reflected XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Revive Adserver
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-9129 MEDIUM PATCH This Month

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Revive Adserver
NVD GitHub
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-0881 MEDIUM PATCH This Month

An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Zulip Server
NVD GitHub
CVSS 3.0
4.3
EPSS
0.2%
CVE-2016-9471 LOW PATCH Monitor

Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Code Injection Revive Adserver
NVD GitHub
CVSS 3.0
3.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy