Latest CVE Feed
-
7.5
HIGHCVE-2016-4817
lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 mishandles HTTP/2 disconnection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted packe... Read more
- EPSS Score: %7.96
- Published: Jun. 19, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2016-4816
BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors.... Read more
- EPSS Score: %0.38
- Published: Jun. 19, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-4815
Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors.... Read more
Affected Products : wzr-900dhp_firmware wzr-600dhp2_firmware wzr-600dhp3_firmware wzr-900dhp2_firmware wzr-s600dhp_firmware wzr-s900dhp_firmware wzr-900dhp2 wzr-600dhp3 wzr-s900dhp wzr-s600dhp +2 more products- EPSS Score: %0.39
- Published: Jun. 19, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-4814
Directory traversal vulnerability in kml2jsonp.php in Geospatial Information Authority of Japan (aka GSI) Old_GSI_Maps before January 2015 on Windows allows remote attackers to read arbitrary files via unspecified vectors.... Read more
Affected Products : old_gsi_maps- EPSS Score: %0.36
- Published: Jun. 19, 2016
- Modified: Apr. 12, 2025
-
9.0
HIGHCVE-2016-4813
NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat (aka CLERK) users to gain privileges by creating a SYSTEM_ADMIN account.... Read more
Affected Products : netcommons- EPSS Score: %0.49
- Published: Jun. 19, 2016
- Modified: Apr. 12, 2025
-
8.0
HIGHCVE-2016-4371
HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the ... Read more
- EPSS Score: %0.07
- Published: Jun. 19, 2016
- Modified: Apr. 12, 2025
-
6.5
MEDIUMCVE-2016-1424
Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun63132.... Read more
Affected Products : ios- EPSS Score: %0.24
- Published: Jun. 19, 2016
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2016-1397
Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial o... Read more
- EPSS Score: %0.51
- Published: Jun. 19, 2016
- Modified: Apr. 12, 2025
-
6.1
MEDIUMCVE-2016-1396
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to i... Read more
- EPSS Score: %0.25
- Published: Jun. 19, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2016-1395
The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted ... Read more
- EPSS Score: %1.21
- Published: Jun. 19, 2016
- Modified: Apr. 12, 2025
-
6.1
MEDIUMCVE-2016-1224
CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors.... Read more
- EPSS Score: %0.48
- Published: Jun. 19, 2016
- Modified: Apr. 12, 2025
-
5.3
MEDIUMCVE-2016-1223
Directory traversal vulnerability in Trend Micro Office Scan 11.0, Worry-Free Business Security Service 5.x, and Worry-Free Business Security 9.0 allows remote attackers to read arbitrary files via unspecified vectors.... Read more
- EPSS Score: %1.68
- Published: Jun. 19, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-1183
NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitr... Read more
Affected Products : terasoluna_server_framework_for_java_web- EPSS Score: %0.16
- Published: Jun. 19, 2016
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2016-1432
Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router devices allows remote authenticated users to cause a denial of service (NULL pointer dereference and card restart) via a crafted SNMP request, aka Bug ID CSCuu68862.... Read more
- EPSS Score: %0.45
- Published: Jun. 18, 2016
- Modified: Apr. 12, 2025
-
6.1
MEDIUMCVE-2016-1431
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.... Read more
- EPSS Score: %0.25
- Published: Jun. 18, 2016
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2016-1427
The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.... Read more
Affected Products : prime_network_registrar- EPSS Score: %0.30
- Published: Jun. 18, 2016
- Modified: Apr. 12, 2025
-
6.1
MEDIUMCVE-2016-5433
Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors.... Read more
Affected Products : ios_receiver- EPSS Score: %0.10
- Published: Jun. 17, 2016
- Modified: Apr. 12, 2025
-
8.2
HIGHCVE-2016-5363
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP ... Read more
- EPSS Score: %4.75
- Published: Jun. 17, 2016
- Modified: Apr. 12, 2025
-
8.2
HIGHCVE-2016-5362
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP dis... Read more
- EPSS Score: %6.31
- Published: Jun. 17, 2016
- Modified: Apr. 12, 2025
-
7.8
HIGHCVE-2016-3643
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."... Read more
Affected Products : virtualization_manager- Actively Exploited
- EPSS Score: %4.46
- Published: Jun. 17, 2016
- Modified: Apr. 12, 2025