Recent

VulDB is the number 1 vulnerability database documenting more than 90000 vulnerabilities since 1979. A team of experts looks for newly disclosed vulnerabilities on a daily basis. After an analysis of its technical capabilities, each issue is documented in the database. This makes it possible for administrators and security experts to deal with the fast-moving vulnerability market. The following list shows the latest entries.

Total: 91022
Recent: 31 (24 hours)
Updates: 299 (24 hours)

09/28/2016 F5 BIG-IP Proxy/SOCKS privilege escalation [CVE-2016-5700]

A vulnerability classified as critical has been found in F5 BIG-IP up to 11.5.1 HF10. Affected is an unknown function of the component Proxy/SOCKS. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
76.3% complete

09/29/2016 Siemens SCALANCE M-800/SCALANCE S615 Web Server Cookie weak encryption

A vulnerability was found in Siemens SCALANCE M-800 and SCALANCE S615 up to 4.1. It has been rated as critical. This issue affects an unknown function of the component Web Server. Upgrading to version 4.02 eliminates this vulnerability.
72.7% complete

09/30/2016 Pivotal Cloud Foundry UAA Endpoint token privilege escalation

A vulnerability was found in Pivotal Cloud Foundry (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown function of the file /oauth/token of the component UAA Endpoint. Upgrading eliminates this vulnerability.
71.2% complete

09/30/2016 Pivotal Cloud Foundry cross site request forgery [CVE-2016-6637]

A vulnerability was found in Pivotal Cloud Foundry (the affected version is unknown). It has been classified as problematic. This affects an unknown function. Upgrading eliminates this vulnerability.
70.2% complete

09/30/2016 Pivotal Cloud Foundry OAuth Token privilege escalation

A vulnerability was found in Pivotal Cloud Foundry (the affected version is unknown) and classified as critical. Affected by this issue is an unknown function of the component OAuth. Upgrading eliminates this vulnerability.
70.2% complete

09/29/2016 Google Chrome SafeBrowsing privilege escalation [CVE-2016-5176]

A vulnerability has been found in Google Chrome up to 53 and classified as critical. Affected by this vulnerability is an unknown function of the component SafeBrowsing. Upgrading to version 53.0.2785.113 eliminates this vulnerability. The upgrade is hosted for download at chrome.google.com.
72.7% complete

09/29/2016 Aternity getMBeansFromURL privilege escalation [CVE-2016-5062]

A vulnerability, which was classified as critical, was found in Aternity up to 9. Affected is an unknown function of the component getMBeansFromURL. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
70.2% complete

09/29/2016 Aternity cross site scripting [CVE-2016-5061]

A vulnerability, which was classified as problematic, has been found in Aternity up to 9. This issue affects an unknown function. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
68.7% complete

09/29/2016 HP Network Automation Serialized Java Object Handler Command privilege

A vulnerability classified as critical was found in HP Network Automation up to 9.1x/9.2x/10.00/10.11.00.00. This vulnerability affects an unknown function of the component Serialized Java Object Handler. Upgrading to version 10.00.02.01 or 10.11.00.01 eliminates this vulnerability.
71.2% complete

09/29/2016 KeepNote Backup Import directory traversal

A vulnerability classified as problematic has been found in KeepNote 0.7.8. This affects an unknown function of the component Backup Import. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
75.8% complete

09/29/2016 Abus Security Center FTP Login Persistent cross site scripting

A vulnerability was found in Abus Security Center 0101a. It has been rated as problematic. Affected by this issue is an unknown function of the component FTP Login. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
79.8% complete

09/28/2016 Cisco IOS/IOS XE Software Smart Install Memory Leak denial of service

A vulnerability was found in Cisco IOS and IOS XE (the affected version is unknown). It has been declared as critical. Affected by this vulnerability is an unknown function of the component Software Smart Install. Upgrading eliminates this vulnerability. It is possible to mitigate the problem by applying the configuration setting "no vstack". The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability.
75.8% complete

09/28/2016 Cisco IOS/IOS XE Multicast Routing denial of service [CVE-2016-6392]

A vulnerability was found in Cisco IOS and IOS XE (the affected version is unknown). It has been classified as critical. Affected is an unknown function of the component Multicast Routing. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
75.3% complete

09/28/2016 Cisco IOS/IOS XE Multicast Routing denial of service [CVE-2016-6382]

A vulnerability was found in Cisco IOS and IOS XE (the affected version is unknown) and classified as critical. This issue affects an unknown function of the component Multicast Routing. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
75.3% complete

09/28/2016 Cisco IOS/IOS XE IKEv1 Fragmentation Handler denial of service

A vulnerability has been found in Cisco IOS and IOS XE (the affected version is unknown) and classified as critical. This vulnerability affects an unknown function of the component IKEv1 Fragmentation Handler. Upgrading eliminates this vulnerability. It is possible to mitigate the problem by applying the configuration setting "no crypto isakmp fragmentation". The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability.
74.7% complete

09/28/2016 Cisco IOS XE NAT denial of service [CVE-2016-6378]

A vulnerability, which was classified as critical, was found in Cisco IOS XE (the affected version is unknown). This affects an unknown function of the component NAT. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
74.7% complete

09/28/2016 Cisco IOS Common Industrial Protocol Request Handler denial of service

A vulnerability, which was classified as critical, has been found in Cisco IOS (the affected version is unknown). Affected by this issue is an unknown function of the component Common Industrial Protocol Request Handler. Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
74.7% complete

09/28/2016 Cisco IOS/IOS XE AAA Login denial of service [CVE-2016-6393]

A vulnerability classified as critical was found in Cisco IOS and IOS XE (the affected version is unknown). Affected by this vulnerability is an unknown function of the component AAA Login. Upgrading eliminates this vulnerability. It is possible to mitigate the problem by applying the configuration setting "no aaa authentication fail-message". The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability.
75.8% complete

09/28/2016 GD Graphics Library gd_webp.c gdImageWebpCtx buffer overflow

A vulnerability classified as critical has been found in GD Graphics Library up to 2.2.3. Affected is the function gdImageWebpCtx of the file gd_webp.c. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
71.2% complete

09/28/2016 Microsoft Azure Active Directory Passport weak authentication

A vulnerability was found in Microsoft Azure Active Directory Passport up to 1.4.5/2.0.0. It has been rated as critical. This issue affects an unknown function. Upgrading to version 1.4.6 or 2.0.1 eliminates this vulnerability.
71.7% complete

09/29/2016 HPE Network Automation File privilege escalation [CVE-2016-4386]

A vulnerability was found in HPE Network Automation (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown function. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
72.2% complete

09/28/2016 Huge-IT Catalog ajax_url.php sql injection

A vulnerability was found in Huge-IT Catalog 1.0.7 on Joomla. It has been classified as critical. This affects an unknown function of the file ajax_url.php. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
73.2% complete

09/28/2016 Huge-IT Video Gallery ajax_url.php sql injection

A vulnerability was found in Huge-IT Video Gallery 1.0.9 on Joomla and classified as critical. Affected by this issue is an unknown function of the file ajax_url.php. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
73.7% complete

09/27/2016 Adobe Flash Sandbox Clickjacking privilege escalation

A vulnerability has been found in Adobe Flash (the affected version is unknown) and classified as critical. Affected by this vulnerability is an unknown function of the component Sandbox. Upgrading eliminates this vulnerability.
77.8% complete

09/27/2016 Adobe Flash Sandbox privilege escalation

A vulnerability, which was classified as critical, was found in Adobe Flash (the affected version is unknown). Affected is an unknown function of the component Sandbox. Upgrading eliminates this vulnerability.
77.8% complete

09/27/2016 Adobe Flash Sandbox privilege escalation

A vulnerability, which was classified as critical, has been found in Adobe Flash (the affected version is unknown). This issue affects an unknown function of the component Sandbox. Upgrading eliminates this vulnerability.
77.8% complete

09/27/2016 Microsoft Skype Installer cryptui.dll privilege escalation

A vulnerability classified as problematic was found in Microsoft Skype (the affected version is unknown). This vulnerability affects an unknown function in the library msi.dll/dpapi.dll/cryptui.dll of the component Installer. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
75.8% complete

09/28/2016 Revive Adserver Reflected cross site scripting

A vulnerability classified as problematic has been found in Revive Adserver up to 3.2.4. This affects an unknown function. Upgrading to version 3.2.5 or 4.0.0 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
75.3% complete

09/28/2016 Revive Adserver User Handler spoofing

A vulnerability was found in Revive Adserver up to 3.2.4. It has been rated as problematic. Affected by this issue is an unknown function of the component User Handler. Upgrading to version 3.2.5 or 4.0.0 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
75.3% complete

09/28/2016 Revive Adserver Reflected privilege escalation

A vulnerability was found in Revive Adserver up to 3.2.4. It has been declared as critical. Affected by this vulnerability is an unknown function. Upgrading to version 3.2.5 or 4.0.0 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
74.7% complete

09/28/2016 Symantec Messaging Gateway Charting ChartStream.java doGet() directory

A vulnerability was found in Symantec Messaging Gateway up to 10.6.0. It has been classified as problematic. Affected is the function doGet() of the file com/ve/kavachart/servlet/ChartStream.java of the component Charting. Upgrading to version 10.6.1 eliminates this vulnerability.
80.8% complete

09/28/2016 D-Link DWR-932B UPnP privilege escalation

A vulnerability was found in D-Link DWR-932B (the affected version is unknown) and classified as critical. This issue affects an unknown function of the component UPnP. It is possible to mitigate the problem by applying the configuration setting .
76.8% complete

09/28/2016 D-Link DWR-932B File Permission netcfg privilege escalation

A vulnerability has been found in D-Link DWR-932B (the affected version is unknown) and classified as problematic. This vulnerability affects an unknown function of the file /sbin/netcfg of the component File Permission. It is possible to mitigate the problem by applying the configuration setting .
77.3% complete

09/28/2016 D-Link DWR-932B FOTA Server Handler Credentials information disclosure

A vulnerability, which was classified as problematic, was found in D-Link DWR-932B (the affected version is unknown). This affects an unknown function of the component FOTA Server Handler. It is possible to mitigate the problem by applying the configuration setting .
77.3% complete

09/28/2016 D-Link DWR-932B No-IP Credentials information disclosure

A vulnerability, which was classified as problematic, has been found in D-Link DWR-932B (the affected version is unknown). Affected by this issue is an unknown function of the component No-IP. It is possible to mitigate the problem by applying the configuration setting .
77.8% complete

09/28/2016 D-Link DWR-932B WPS Generation weak authentication

A vulnerability classified as problematic was found in D-Link DWR-932B (the affected version is unknown). Affected by this vulnerability is an unknown function of the component WPS Generation. It is possible to mitigate the problem by applying the configuration setting .
77.8% complete

09/28/2016 D-Link DWR-932B WPS Default weak authentication

A vulnerability classified as critical has been found in D-Link DWR-932B (the affected version is unknown). Affected is an unknown function of the component WPS. It is possible to mitigate the problem by applying the configuration setting .
78.3% complete

09/28/2016 D-Link DWR-932B Telnet Server appmgr privilege escalation

A vulnerability was found in D-Link DWR-932B (the affected version is unknown). It has been rated as critical. This issue affects an unknown function of the file /bin/appmgr of the component Telnet Server. It is possible to mitigate the weakness by firewalling udp/39889.
79.3% complete

09/28/2016 D-Link DWR-932B HTTP Service Default Admin Password privilege escalation

A vulnerability was found in D-Link DWR-932B (the affected version is unknown). It has been declared as critical. This vulnerability affects an unknown function of the component HTTP Service. It is possible to mitigate the problem by applying the configuration setting .
78.3% complete

09/28/2016 D-Link DWR-932B SSH Service Backdoor privilege escalation

A vulnerability was found in D-Link DWR-932B (the affected version is unknown). It has been classified as critical. This affects an unknown function of the component SSH Service. It is possible to mitigate the problem by applying the configuration setting . It is possible to mitigate the weakness by firewalling tcp/22 (ssh). The best possible mitigation is suggested to be the change of configuration settings.
78.3% complete

09/28/2016 D-Link DWR-932B Telnet Service Backdoor privilege escalation

A vulnerability was found in D-Link DWR-932B (the affected version is unknown) and classified as critical. Affected by this issue is an unknown function of the component Telnet Service. It is possible to mitigate the problem by applying the configuration setting . It is possible to mitigate the weakness by firewalling tcp/23 (telnet). The best possible mitigation is suggested to be the change of configuration settings.
78.3% complete

09/27/2016 AVer EH6108H+ Hybrid DVR Password information disclosure [CVE-2016-6537]

A vulnerability has been found in AVer EH6108H+ Hybrid DVR X9.03.24.00.07l and classified as critical. Affected by this vulnerability is an unknown function. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
73.2% complete

09/27/2016 AVer EH6108H+ Hybrid DVR Config Page privilege escalation [CVE-2016-6536]

A vulnerability, which was classified as critical, was found in AVer EH6108H+ Hybrid DVR X9.03.24.00.07l. Affected is an unknown function of the component Config Page. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
72.7% complete

09/27/2016 AVer EH6108H+ Hybrid DVR Telnet Service Default Credentials weak authentication

A vulnerability, which was classified as critical, has been found in AVer EH6108H+ Hybrid DVR X9.03.24.00.07l. This issue affects an unknown function of the component Telnet Service. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
73.2% complete

09/27/2016 EMC ViPR SRM Stored cross site scripting [CVE-2016-6647]

A vulnerability classified as problematic was found in EMC ViPR SRM up to 4.0.0. This vulnerability affects an unknown function. Upgrading to version 4.0.1 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
76.3% complete

09/27/2016 OpenStack Compute Compute Nodes Handler Disk Consumption denial of service

A vulnerability was found in OpenStack Compute 13.0.0. It has been rated as problematic. Affected by this issue is an unknown function of the component Compute Nodes Handler. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
70.2% complete

09/27/2016 GnuTLS OCSP Response Length Handler ocsp.c gnutls_ocsp_resp_check_crt weak

A vulnerability was found in GnuTLS up to 3.4.14/3.5.3. It has been declared as critical. Affected by this vulnerability is the function gnutls_ocsp_resp_check_crt in the library lib/x509/ocsp.c of the component OCSP Response Length Handler. Upgrading to version 3.4.15 or 3.5.4 eliminates this vulnerability.
72.7% complete

09/27/2016 Red Hat JBoss Operations Network Authentication privilege escalation

A vulnerability was found in Red Hat JBoss Operations Network (the affected version is unknown). It has been classified as critical. Affected is an unknown function of the component Authentication. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
69.2% complete

09/27/2016 SAP TREX NameServer information disclosure [CVE-2016-6146]

A vulnerability was found in SAP TREX 7.10 Revision 63 and classified as problematic. This issue affects an unknown function of the component NameServer. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
72.2% complete

09/27/2016 SAP TREX unspecified privilege escalation

A vulnerability has been found in SAP TREX 7.10 Revision 63 and classified as critical. This vulnerability affects the function unspecified. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
72.2% complete