2017-01-27
2017-01-27 17:59Z
CRIT

CVE-2016-8411 — Google Android: Buffer overflow vulnerability while processing QMI QOS TLVs.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8411

Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDGoogleVNDBufferTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-26
2017-01-26 21:59Z
CRIT

CVE-2016-9054 — Aerospike Database_server: An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9054

An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_list_by_set_binid resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787VNDAerospikeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-26
2017-01-26 21:59Z
CRIT

CVE-2016-9052 — Aerospike Database_server: An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9052

An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. CVSSv3.1 9.8 (CRITICAL)

CWECWE 787VNDAerospikeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-26
2017-01-26 21:59Z
HIGH

CVE-2016-9050 — Aerospike Database_server: An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9050

An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process, the same vulnerability can also be used to trigger a denial of service. An attacker can simply connect to the port and send the packet to trigger this vulnerability. CVSSv3.1 8.2 (HIGH)

CWECWE 125VNDAerospikeTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2017-01-26
2017-01-26 15:59Z
CRIT

CVE-2016-6912 — Libgd Libgd: Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6912

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values. CVSSv3.1 9.8 (CRITICAL)

CWECWE 415VNDDoubleVNDLibgdTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-26
2017-01-26 07:59Z
HIGH

CVE-2017-3794 — Cisco Webex_meetings_server: A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3794

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDCiscoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-26
2017-01-26 07:59Z
HIGH

CVE-2016-9218 — Cisco Hybrid_meeting_server: A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9218

A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvc28662. Known Affected Releases: 1.0. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDCiscoTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-01-25
2017-01-25 19:59Z
CRIT

CVE-2016-9307 — Autodesk Fbx_software_development_kit: Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9307

Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDAutodeskTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-25
2017-01-25 19:59Z
CRIT

CVE-2016-9306 — Autodesk Fbx_software_development_kit: Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9306

Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDAutodeskTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-25
2017-01-25 19:59Z
CRIT

CVE-2016-9305 — Autodesk Fbx_software_development_kit: Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9305

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers. CVSSv3.1 9.8 (CRITICAL)

CWECWE 19VNDAutodeskTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-25
2017-01-25 19:59Z
HIGH

CVE-2016-9304 — Autodesk Fbx_software_development_kit: Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9304

Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files. CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDAutodeskTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-25
2017-01-25 19:59Z
CRIT

CVE-2016-9303 — Autodesk Fbx_software_development_kit: Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9303

Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDAutodeskTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-24
2017-01-24 21:59Z
CRIT

CVE-2016-10160 — Php Php: Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10160

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. CVSSv3.1 9.8 (CRITICAL)

CWECWE 193VNDNetappVNDOffTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-23
2017-01-23 21:59Z
HIGH

CVE-2016-9383 — Xen Xen: Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9383

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions. CVSSv3.1 8.8 (HIGH)

CWECWE 20VNDCitrixVNDXenTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-23
2017-01-23 21:59Z
CRIT

CVE-2016-9081 — Joomla Joomla\!: 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9081

Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 255VNDJoomlaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-23
2017-01-23 21:59Z
HIGH

CVE-2016-9012 — Arista Cloudvision_portal: CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9012

CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle. CVSSv3.1 8.8 (HIGH)

CWECWE 264VNDAristaVNDCloudvisionTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-23
2017-01-23 21:59Z
HIGH

CVE-2016-7792 — Ubiquiti_networks Unifi_ap_ac_lite_firmware: Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7792

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it. CVSSv3.1 8.8 (HIGH)

CWECWE 284VNDUbiquitiVNDUbiquiti NetworksTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-23
2017-01-23 21:59Z
CRIT

CVE-2016-7567 — Openslp Openslp: Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7567

Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDBufferVNDOpenslpTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-23
2017-01-23 21:59Z
HIGH

CVE-2016-7102 — Owncloud Owncloud_desktop_client: Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7102

ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. CVSSv3.1 8.4 (HIGH)

CWECWE 94VNDOwncloudVNDDesktopTYPVulnerability
8.4
CVSS v3.1
92
Edit Score
2017-01-23
2017-01-23 21:59Z
CRIT

CVE-2016-7036 — Python-jose_project Python-jose: before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-7036

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. CVSSv3.1 9.8 (CRITICAL)

CWECWE 361VNDPython Jose ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-23
2017-01-23 21:59Z
CRIT

CVE-2016-6603 — Zohocorp Webnms_framework: ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6603

ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. CVSSv3.1 9.8 (CRITICAL)

CWECWE 20VNDZohoVNDZohocorpTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-23
2017-01-23 21:59Z
CRIT

CVE-2016-6602 — Zohocorp Webnms_framework: ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6602

ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit. CVSSv3.1 9.8 (CRITICAL)

CWECWE 327VNDZohoVNDZohocorpTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-23
2017-01-23 21:59Z
CRIT

CVE-2016-6600 — Zohocorp Webnms_framework: Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6600

Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet. CVSSv3.1 9.8 (CRITICAL)

CWECWE 22VNDZohocorpTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-23
2017-01-23 21:59Z
CRIT

CVE-2016-6582 — Doorkeeper_project Doorkeeper: The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6582

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification. CVSSv3.1 9.1 (CRITICAL)

CWECWE 254VNDDoorkeeper ProjectVNDDoorkeeperTYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2017-01-23
2017-01-23 21:59Z
HIGH

CVE-2016-6521 — Gopivotal Grails: Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6521

Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDCsrfVNDGopivotalTYPVulnerability
8.8
CVSS v3.1
94
Edit Score