Skip to main content
CVE-2016-9463 HIGH POC PATCH This Week

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Nextcloud Authentication Bypass Nextcloud Server Owncloud
NVD GitHub
CVSS 3.0
8.1
EPSS
3.9%
CVE-2016-9469 HIGH POC PATCH This Week

Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Gitlab Information Disclosure
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2016-9456 HIGH PATCH This Week

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Revive Adserver
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-9127 HIGH PATCH This Week

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Revive Adserver
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-9455 HIGH PATCH This Week

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF PHP Revive Adserver
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-6964 HIGH This Week

dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Debian Information Disclosure Ubuntu Linux Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-9122 HIGH PATCH This Week

go-jose before 1.0.4 suffers from multiple signatures exploitation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Go Jose
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-9123 HIGH PATCH GHSA This Week

go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Authentication Bypass Go Jose
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-8031 HIGH PATCH This Week

Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Intel Privilege Escalation Anti Malware Scan Engine
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2017-7277 HIGH PATCH This Week

The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy