| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1679 | Hig | 0.57 | 8.8 | 0.01 | Jun 5, 2016 | The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have… | ||
| CVE-2016-1678 | Hig | 0.57 | 8.8 | 0.02 | Jun 5, 2016 | objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted… | ||
| CVE-2016-1676 | Hig | 0.57 | 8.8 | 0.02 | Jun 5, 2016 | extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||
| CVE-2016-1675 | Hig | 0.57 | 8.8 | 0.02 | Jun 5, 2016 | Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp. | ||
| CVE-2016-1674 | Hig | 0.57 | 8.8 | 0.02 | Jun 5, 2016 | The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||
| CVE-2016-1673 | Hig | 0.57 | 8.8 | 0.02 | Jun 5, 2016 | Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||
| CVE-2016-1672 | Hig | 0.57 | 8.8 | 0.02 | Jun 5, 2016 | The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via… | ||
| CVE-2016-4563 | Hig | 0.57 | 8.8 | 0.03 | Jun 4, 2016 | The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and… | ||
| CVE-2016-4562 | Hig | 0.57 | 8.8 | 0.03 | Jun 4, 2016 | The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have… | ||
| CVE-2016-1403 | Hig | 0.51 | 7.8 | 0.01 | Jun 4, 2016 | CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. | ||
| CVE-2016-1391 | Hig | 0.57 | 8.8 | 0.02 | Jun 4, 2016 | Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a… | ||
| CVE-2016-1390 | Hig | 0.51 | 7.8 | 0.00 | Jun 4, 2016 | Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID… | ||
| CVE-2016-3944 | Hig | 0.49 | 7.5 | 0.02 | Jun 3, 2016 | UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com. | ||
| CVE-2016-3096 | Hig | 0.44 | 7.8 | 0.00 | Jun 3, 2016 | The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path… | ||
| CVE-2016-0376 | Hig | 0.53 | 8.1 | 0.06 | Jun 3, 2016 | The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in… | ||
| CVE-2016-0363 | Hig | 0.53 | 8.1 | 0.04 | Jun 3, 2016 | The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the… | ||
| CVE-2016-5126 | Hig | 0.51 | 7.8 | 0.01 | Jun 1, 2016 | Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. | ||
| CVE-2016-4810 | Hig | 0.49 | 7.5 | 0.01 | Jun 1, 2016 | Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors. | ||
| CVE-2016-4423 | Hig | 0.49 | 7.5 | 0.02 | Jun 1, 2016 | The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which… | ||
| CVE-2016-1902 | Hig | 0.42 | 7.5 | 0.02 | Jun 1, 2016 | The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails,… | ||
| CVE-2015-8875 | Hig | 0.51 | 7.8 | 0.03 | Jun 1, 2016 | Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute… | ||
| CVE-2016-3697 | Hig | 0.44 | 7.8 | 0.00 | Jun 1, 2016 | libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. | ||
| CVE-2016-3075 | Hig | 0.49 | 7.5 | 0.08 | Jun 1, 2016 | Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. | ||
| CVE-2016-2175 | Hig | 0.51 | 7.8 | 0.05 | Jun 1, 2016 | Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. | ||
| CVE-2016-1234 | Hig | 0.49 | 7.5 | 0.05 | Jun 1, 2016 | Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. | ||
| CVE-2016-4506 | Hig | 0.52 | 8.0 | 0.01 | May 31, 2016 | Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users. | ||
| CVE-2016-4505 | Hig | 0.57 | 8.8 | 0.02 | May 31, 2016 | Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors. | ||
| CVE-2016-4502 | Hig | 0.49 | 7.5 | 0.02 | May 31, 2016 | Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. | ||
| CVE-2016-2295 | Hig | 0.49 | 7.5 | 0.02 | May 31, 2016 | Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices… | ||
| CVE-2016-2286 | Hig | 0.49 | 7.5 | 0.01 | May 31, 2016 | Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices… | ||
| CVE-2016-2285 | Hig | 0.57 | 8.8 | 0.01 | May 31, 2016 | Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with… | ||
| CVE-2016-0879 | Hig | 0.49 | 7.5 | 0.02 | May 31, 2016 | Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL. | ||
| CVE-2016-0878 | Hig | 0.49 | 7.5 | 0.02 | May 31, 2016 | Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests. | ||
| CVE-2016-0877 | Hig | 0.49 | 7.5 | 0.02 | May 31, 2016 | Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function. | ||
| CVE-2016-0876 | Hig | 0.49 | 7.5 | 0.01 | May 31, 2016 | Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file. | ||
| CVE-2016-0875 | Hig | 0.49 | 7.5 | 0.02 | May 31, 2016 | Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL. | ||
| CVE-2016-4118 | Hig | 0.51 | 7.8 | 0.01 | May 30, 2016 | Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors. | ||
| CVE-2016-2309 | Hig | 0.47 | 7.2 | 0.01 | May 30, 2016 | iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | ||
| CVE-2016-2025 | Hig | 0.49 | 7.5 | 0.04 | May 30, 2016 | HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components. | ||
| CVE-2016-1409 | Hig | 0.49 | 7.5 | 0.04 | May 29, 2016 | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as… | ||
| CVE-2016-1404 | Hig | 0.49 | 7.5 | 0.01 | May 29, 2016 | Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic… | ||
| CVE-2016-1410 | Hig | 0.49 | 7.5 | 0.02 | May 28, 2016 | Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312. | ||
| CVE-2016-3681 | Hig | 0.51 | 7.8 | 0.01 | May 26, 2016 | Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted… | ||
| CVE-2016-3680 | Hig | 0.51 | 7.8 | 0.01 | May 26, 2016 | Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted… | ||
| CVE-2016-4791 | Hig | 0.56 | 8.6 | 0.02 | May 26, 2016 | The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via… | ||
| CVE-2016-4786 | Hig | 0.49 | 7.5 | 0.02 | May 26, 2016 | Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | ||
| CVE-2016-4021 | Hig | 0.49 | 7.5 | 0.02 | May 26, 2016 | The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string. | ||
| CVE-2016-1887 | Hig | 0.54 | 7.8 | 0.01 | May 25, 2016 | Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument,… | ||
| CVE-2016-1886 | Hig | 0.54 | 7.8 | 0.01 | May 25, 2016 | Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and… | ||
| CVE-2015-8853 | Hig | 0.49 | 7.5 | 0.03 | May 25, 2016 | The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." |
- risk 0.57cvss 8.8epss 0.01
The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote attackers to cause a denial of service (use-after-free) or possibly have…
- risk 0.57cvss 8.8epss 0.02
objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted…
- risk 0.57cvss 8.8epss 0.02
extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
- risk 0.57cvss 8.8epss 0.02
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp.
- risk 0.57cvss 8.8epss 0.02
The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
- risk 0.57cvss 8.8epss 0.02
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
- risk 0.57cvss 8.8epss 0.02
The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via…
- risk 0.57cvss 8.8epss 0.03
The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which allows remote attackers to cause a denial of service (buffer overflow and…
- risk 0.57cvss 8.8epss 0.03
The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have…
- risk 0.51cvss 7.8epss 0.01
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.
- risk 0.57cvss 8.8epss 0.02
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a…
- risk 0.51cvss 7.8epss 0.00
Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID…
- risk 0.49cvss 7.5epss 0.02
UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.
- risk 0.44cvss 7.8epss 0.00
The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path…
- risk 0.53cvss 8.1epss 0.06
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in…
- risk 0.53cvss 8.1epss 0.04
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the…
- risk 0.51cvss 7.8epss 0.01
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
- risk 0.49cvss 7.5epss 0.01
Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which…
- risk 0.42cvss 7.5epss 0.02
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails,…
- risk 0.51cvss 7.8epss 0.03
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute…
- risk 0.44cvss 7.8epss 0.00
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
- risk 0.49cvss 7.5epss 0.08
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
- risk 0.51cvss 7.8epss 0.05
Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.
- risk 0.49cvss 7.5epss 0.05
Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name.
- risk 0.52cvss 8.0epss 0.01
Cross-site request forgery (CSRF) vulnerability on Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allows remote authenticated users to hijack the authentication of arbitrary users.
- risk 0.57cvss 8.8epss 0.02
Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter.
- risk 0.49cvss 7.5epss 0.02
Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices…
- risk 0.49cvss 7.5epss 0.01
Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices…
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with…
- risk 0.49cvss 7.5epss 0.02
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL.
- risk 0.49cvss 7.5epss 0.02
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to cause a denial of service (cold start) by sending two crafted ping requests.
- risk 0.49cvss 7.5epss 0.02
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.
- risk 0.49cvss 7.5epss 0.01
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to discover cleartext passwords by reading a configuration file.
- risk 0.49cvss 7.5epss 0.02
Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.
- risk 0.51cvss 7.8epss 0.01
Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors.
- risk 0.47cvss 7.2epss 0.01
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
- risk 0.49cvss 7.5epss 0.04
HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.
- risk 0.49cvss 7.5epss 0.04
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as…
- risk 0.49cvss 7.5epss 0.01
Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by sniffing network traffic…
- risk 0.49cvss 7.5epss 0.02
Cisco WebEx Meeting Center Original Release Base allows remote attackers to obtain sensitive information about username validity by (1) attending or (2) hosting a meeting, aka Bug ID CSCux84312.
- risk 0.51cvss 7.8epss 0.01
Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted…
- risk 0.51cvss 7.8epss 0.01
Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (crash) or possibly gain privileges via a crafted…
- risk 0.56cvss 8.6epss 0.02
The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via…
- risk 0.49cvss 7.5epss 0.02
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 before 8.0r11, and 7.4 before 7.4r13.4 allow remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
The read_binary function in buffer.c in pgpdump before 0.30 allows context-dependent attackers to cause a denial of service (infinite loop and CPU consumption) via crafted input, as demonstrated by the \xa3\x03 string.
- risk 0.54cvss 7.8epss 0.01
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument,…
- risk 0.54cvss 7.8epss 0.01
Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and…
- risk 0.49cvss 7.5epss 0.03
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."