CVE-2016-4437

Known exploited
Public exploit
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Max CVSS
8.1
EPSS Score
97.48%
Published
2016-06-07
Updated
2018-10-09
CISA KEV Added
2021-11-03

CVE-2016-3236

Public exploit
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability."
Max CVSS
10.0
EPSS Score
92.83%
Published
2016-06-16
Updated
2018-10-12

CVE-2016-3235

Known exploited
Public exploit
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
Max CVSS
9.3
EPSS Score
1.55%
Published
2016-06-16
Updated
2018-10-12
CISA KEV Added
2021-11-03

CVE-2016-3225

Public exploit
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability."
Max CVSS
7.8
EPSS Score
1.09%
Published
2016-06-16
Updated
2018-10-12

CVE-2016-3213

Public exploit
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability."
Max CVSS
9.3
EPSS Score
92.12%
Published
2016-06-16
Updated
2018-10-12

CVE-2016-3088

Known exploited
Public exploit
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Max CVSS
9.8
EPSS Score
83.96%
Published
2016-06-01
Updated
2019-03-27
CISA KEV Added
2022-02-10

CVE-2016-3087

Public exploit
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Max CVSS
9.8
EPSS Score
46.49%
Published
2016-06-07
Updated
2019-08-12

CVE-2016-1543

Public exploit
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
Max CVSS
7.5
EPSS Score
41.37%
Published
2016-06-13
Updated
2018-10-09

CVE-2016-1542

Public exploit
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.
Max CVSS
7.5
EPSS Score
41.37%
Published
2016-06-13
Updated
2018-10-09

CVE-2015-7611

Public exploit
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
Max CVSS
9.3
EPSS Score
77.52%
Published
2016-06-07
Updated
2018-10-09
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
Max CVSS
9.0
EPSS Score
3.17%
Published
2016-06-30
Updated
2016-11-28
WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.44%
Published
2016-06-29
Updated
2016-11-28
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.
Max CVSS
7.5
EPSS Score
0.77%
Published
2016-06-29
Updated
2016-11-30
WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.54%
Published
2016-06-29
Updated
2016-11-30
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.19%
Published
2016-06-29
Updated
2018-07-31
WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.
Max CVSS
7.5
EPSS Score
0.57%
Published
2016-06-29
Updated
2016-11-30
Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833.
Max CVSS
6.1
EPSS Score
0.35%
Published
2016-06-29
Updated
2016-11-30
Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834.
Max CVSS
6.1
EPSS Score
0.68%
Published
2016-06-29
Updated
2016-11-30
The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.64%
Published
2016-06-29
Updated
2016-11-30
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-06-27
Updated
2023-01-17
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-06-27
Updated
2023-01-17
Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.
Max CVSS
8.2
EPSS Score
0.04%
Published
2016-06-30
Updated
2019-09-27
Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability.
Max CVSS
6.3
EPSS Score
0.04%
Published
2016-06-27
Updated
2016-11-28
Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.04%
Published
2016-06-24
Updated
2016-06-27
Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.
Max CVSS
7.5
EPSS Score
0.19%
Published
2016-06-24
Updated
2016-09-29
510 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!