| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1089 | Cri | 0.64 | 9.8 | 0.06 | Oct 13, 2016 | Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified… | ||
| CVE-2016-8565 | Cri | 0.59 | 9.1 | 0.03 | Oct 13, 2016 | Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets. | ||
| CVE-2016-7117 | Cri | 0.66 | 9.8 | 0.24 | Oct 10, 2016 | Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. | ||
| CVE-2016-6696 | Cri | 0.64 | 9.8 | 0.01 | Oct 10, 2016 | sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a large negative value for the data length, aka Qualcomm internal bug CR 1041130. | ||
| CVE-2016-6695 | Cri | 0.64 | 9.8 | 0.01 | Oct 10, 2016 | sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted visualizer data length, aka Qualcomm internal bug CR 1033540. | ||
| CVE-2016-6694 | Cri | 0.64 | 9.8 | 0.01 | Oct 10, 2016 | sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via crafted parameter data, aka Qualcomm internal bug CR 1033525. | ||
| CVE-2016-6693 | Cri | 0.64 | 9.8 | 0.01 | Oct 10, 2016 | sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via an invalid data length, aka Qualcomm internal bug CR 1027585. | ||
| CVE-2016-6692 | Cri | 0.64 | 9.8 | 0.01 | Oct 10, 2016 | drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via unknown vectors, aka Qualcomm internal bug CR 1004933. | ||
| CVE-2016-6691 | Cri | 0.64 | 9.8 | 0.01 | Oct 10, 2016 | service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers to cause a denial of service (framework crash) or possibly have unspecified other impact via an access point that has a malformed SSID with… | ||
| CVE-2016-5343 | Cri | 0.64 | 9.8 | 0.03 | Oct 10, 2016 | drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly… | ||
| CVE-2016-3929 | Cri | 0.64 | 9.8 | 0.01 | Oct 10, 2016 | Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823675. | ||
| CVE-2016-3927 | Cri | 0.64 | 9.8 | 0.01 | Oct 10, 2016 | Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244. | ||
| CVE-2016-3926 | Cri | 0.64 | 9.8 | 0.01 | Oct 10, 2016 | Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953. | ||
| CVE-2016-1000003 | Cri | 0.57 | 9.8 | 0.03 | Oct 7, 2016 | Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code. | ||
| CVE-2016-7167 | Cri | 0.65 | 9.8 | 0.12 | Oct 7, 2016 | Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. | ||
| CVE-2016-1000217 | Cri | 0.64 | 9.8 | 0.06 | Oct 6, 2016 | Zotpress plugin for WordPress SQLi in zp_get_account() | ||
| CVE-2016-1000125 | Cri | 0.67 | 9.8 | 0.03 | Oct 6, 2016 | Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla | ||
| CVE-2016-1000124 | Cri | 0.67 | 9.8 | 0.03 | Oct 6, 2016 | Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 | ||
| CVE-2016-1000123 | Cri | 0.67 | 9.8 | 0.04 | Oct 6, 2016 | Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla | ||
| CVE-2016-1000113 | Cri | 0.64 | 9.8 | 0.03 | Oct 6, 2016 | XSS and SQLi in huge IT gallery v1.1.5 for Joomla | ||
| CVE-2016-1000112 | Cri | 0.60 | 9.1 | 0.09 | Oct 6, 2016 | Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin | ||
| CVE-2015-1000011 | Cri | 0.64 | 9.8 | 0.03 | Oct 6, 2016 | Blind SQL Injection in wordpress plugin dukapress v2.5.9 | ||
| CVE-2015-1000009 | Cri | 0.59 | 9.1 | 0.02 | Oct 6, 2016 | Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 | ||
| CVE-2015-1000003 | Cri | 0.64 | 9.8 | 0.03 | Oct 6, 2016 | Blind SQL Injection in filedownload v1.4 wordpress plugin | ||
| CVE-2015-1000001 | Cri | 0.64 | 9.8 | 0.03 | Oct 6, 2016 | Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin | ||
| CVE-2015-1000000 | Cri | 0.64 | 9.8 | 0.03 | Oct 6, 2016 | Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | ||
| CVE-2016-1453 | Cri | 0.64 | 9.8 | 0.08 | Oct 6, 2016 | Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701. | ||
| CVE-2016-7560 | Cri | 0.64 | 9.8 | 0.03 | Oct 5, 2016 | The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | ||
| CVE-2016-7435 | Cri | 0.59 | 9.1 | 0.03 | Oct 5, 2016 | The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL… | ||
| CVE-2016-7161 | Cri | 0.64 | 9.8 | 0.06 | Oct 5, 2016 | Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. | ||
| CVE-2016-5745 | Cri | 0.64 | 9.8 | 0.05 | Oct 5, 2016 | F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system… | ||
| CVE-2016-5686 | Cri | 0.64 | 9.8 | 0.05 | Oct 5, 2016 | Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol. | ||
| CVE-2016-5086 | Cri | 0.64 | 9.8 | 0.05 | Oct 5, 2016 | Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. | ||
| CVE-2014-5415 | Cri | 0.59 | 9.1 | 0.04 | Oct 5, 2016 | Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. | ||
| CVE-2014-5414 | Cri | 0.60 | 9.1 | 0.05 | Oct 5, 2016 | Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||
| CVE-2016-6646 | Cri | 0.64 | 9.8 | 0.05 | Oct 5, 2016 | The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler… | ||
| CVE-2016-0913 | Cri | 0.64 | 9.8 | 0.03 | Oct 5, 2016 | The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share. | ||
| CVE-2016-8276 | Cri | 0.64 | 9.8 | 0.06 | Oct 3, 2016 | Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a… | ||
| CVE-2015-1832 | Cri | 0.60 | 9.1 | 0.12 | Oct 3, 2016 | XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving… | ||
| CVE-2016-7405 | — | Cri | 0.57 | 9.8 | 0.03 | Oct 3, 2016 | The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. | |
| CVE-2016-5019 | Cri | 0.64 | 9.8 | 0.08 | Oct 3, 2016 | CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string. | ||
| CVE-2016-1243 | Cri | 0.64 | 9.8 | 0.05 | Oct 3, 2016 | Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname. | ||
| CVE-2016-5700 | Cri | 0.64 | 9.8 | 0.06 | Oct 3, 2016 | Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers… | ||
| CVE-2016-5180 | Cri | 0.64 | 9.8 | 0.09 | Oct 3, 2016 | Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. | ||
| CVE-2016-4436 | Cri | 0.57 | 9.8 | 0.07 | Oct 3, 2016 | Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up. | ||
| CVE-2016-6637 | Cri | 0.55 | 9.6 | 0.01 | Sep 30, 2016 | Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x… | ||
| CVE-2016-5062 | Cri | 0.64 | 9.8 | 0.04 | Sep 29, 2016 | The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans. | ||
| CVE-2016-7568 | Cri | 0.64 | 9.8 | 0.05 | Sep 28, 2016 | Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via… | ||
| CVE-2016-6330 | Cri | 0.65 | 9.8 | 0.11 | Sep 27, 2016 | The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability… | ||
| CVE-2016-6137 | Cri | 0.64 | 9.8 | 0.05 | Sep 27, 2016 | An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591. |
- risk 0.64cvss 9.8epss 0.06
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified…
- risk 0.59cvss 9.1epss 0.03
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.
- risk 0.66cvss 9.8epss 0.24
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
- risk 0.64cvss 9.8epss 0.01
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a large negative value for the data length, aka Qualcomm internal bug CR 1041130.
- risk 0.64cvss 9.8epss 0.01
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted visualizer data length, aka Qualcomm internal bug CR 1033540.
- risk 0.64cvss 9.8epss 0.01
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via crafted parameter data, aka Qualcomm internal bug CR 1033525.
- risk 0.64cvss 9.8epss 0.01
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via an invalid data length, aka Qualcomm internal bug CR 1027585.
- risk 0.64cvss 9.8epss 0.01
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via unknown vectors, aka Qualcomm internal bug CR 1004933.
- risk 0.64cvss 9.8epss 0.01
service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers to cause a denial of service (framework crash) or possibly have unspecified other impact via an access point that has a malformed SSID with…
- risk 0.64cvss 9.8epss 0.03
drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly…
- risk 0.64cvss 9.8epss 0.01
Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823675.
- risk 0.64cvss 9.8epss 0.01
Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244.
- risk 0.64cvss 9.8epss 0.01
Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953.
- risk 0.57cvss 9.8epss 0.03
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.
- risk 0.65cvss 9.8epss 0.12
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
- risk 0.64cvss 9.8epss 0.06
Zotpress plugin for WordPress SQLi in zp_get_account()
- risk 0.67cvss 9.8epss 0.03
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla
- risk 0.67cvss 9.8epss 0.03
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
- risk 0.67cvss 9.8epss 0.04
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
- risk 0.64cvss 9.8epss 0.03
XSS and SQLi in huge IT gallery v1.1.5 for Joomla
- risk 0.60cvss 9.1epss 0.09
Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin
- risk 0.64cvss 9.8epss 0.03
Blind SQL Injection in wordpress plugin dukapress v2.5.9
- risk 0.59cvss 9.1epss 0.02
Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05
- risk 0.64cvss 9.8epss 0.03
Blind SQL Injection in filedownload v1.4 wordpress plugin
- risk 0.64cvss 9.8epss 0.03
Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin
- risk 0.64cvss 9.8epss 0.03
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
- risk 0.64cvss 9.8epss 0.08
Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.
- risk 0.64cvss 9.8epss 0.03
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
- risk 0.59cvss 9.1epss 0.03
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL…
- risk 0.64cvss 9.8epss 0.06
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
- risk 0.64cvss 9.8epss 0.05
F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system…
- risk 0.64cvss 9.8epss 0.05
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol.
- risk 0.64cvss 9.8epss 0.05
Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks.
- risk 0.59cvss 9.1epss 0.04
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service.
- risk 0.60cvss 9.1epss 0.05
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
- risk 0.64cvss 9.8epss 0.05
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler…
- risk 0.64cvss 9.8epss 0.03
The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share.
- risk 0.64cvss 9.8epss 0.06
Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600, when CHAP authentication is configured on the server, allows remote attackers to cause a…
- risk 0.60cvss 9.1epss 0.12
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving…
- risk 0.57cvss 9.8epss 0.03
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
- risk 0.64cvss 9.8epss 0.08
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string.
- risk 0.64cvss 9.8epss 0.05
Stack-based buffer overflow in the extractTree function in unADF allows remote attackers to execute arbitrary code via a long pathname.
- risk 0.64cvss 9.8epss 0.06
Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers…
- risk 0.64cvss 9.8epss 0.09
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
- risk 0.57cvss 9.8epss 0.07
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.
- risk 0.55cvss 9.6epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x…
- risk 0.64cvss 9.8epss 0.04
The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans.
- risk 0.64cvss 9.8epss 0.05
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via…
- risk 0.65cvss 9.8epss 0.11
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability…
- risk 0.64cvss 9.8epss 0.05
An unspecified function in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands via unknown vectors, aka SAP Security Note 2203591.