2017-02-13
2017-02-13 18:59Z
CRIT

CVE-2016-5100 — Froxlor Froxlor: before 0.9.35 uses the PHP rand function for random number generation, which makes

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5100

Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. CVSSv3.1 9.8 (CRITICAL)

CWECWE 330VNDFroxlorTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 18:59Z
HIGH

CVE-2016-3616 — Libjpeg-turbo Libjpeg-turbo: The cjpeg utility in libjpeg allows remote attackers to cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-3616

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. CVSSv3.1 8.8 (HIGH)

CWECWE 476VNDCanonicalVNDLibjpeg TurboTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-13
2017-02-13 18:59Z
CRIT

CVE-2016-2788 — Puppet Marionette_collective: MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-2788

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. CVSSv3.1 9.8 (CRITICAL)

CWECWE 284VNDPuppetVNDMcollectiveTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 18:59Z
CRIT

CVE-2015-8771 — Gosa_project Gosa_plugin: The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8771

The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDGosa ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 18:59Z
CRIT

CVE-2015-8768 — Click_project Click: click/install.py in click does not require files in package filesystem tarballs to start with

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8768

click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone. CVSSv3.1 9.8 (CRITICAL)

CWECWE 264VNDCanonicalVNDClick ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-13
2017-02-13 17:59Z
MED

CVE-2016-6210 — Openbsd Openssh: sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6210

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided. CVSSv3.1 5.9 (MEDIUM) · EPSS 100th percentile

CWECWE 200VNDOpensshTYPVulnerability
5.9
CVSS v3.1
100
Edit Score
2017-02-10
2017-02-10 07:59Z
CRIT

CVE-2017-5954 — Serialize-to-js_project Serialize-to-js: Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5954

An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE). CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDSerialize To Js ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-02-10
2017-02-10 07:59Z
CRIT

CVE-2017-5953 — Vim Vim: before patch 8.0.0322 does not properly validate values for tree length when handling

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5953

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDVimTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-09
2017-02-09 19:59Z
CRIT

CVE-2017-5941 — Node-serialize_project Node-serialize: Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5941

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE). CVSSv3.1 9.8 (CRITICAL)

CWECWE 502VNDNode Serialize ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-09
2017-02-09 18:59Z
HIGH

CVE-2017-5940 — Firejail_project Firejail: before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5940

Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180. CVSSv3.1 8.8 (HIGH)

CWECWE 269VNDFirejail ProjectVNDFirejailTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-09
2017-02-09 18:59Z
HIGH

CVE-2017-5180 — Firejail_project Firejail: before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5180

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. CVSSv3.1 8.8 (HIGH)

CWECWE 862VNDFirejail ProjectVNDFirejailTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-09
2017-02-09 17:59Z
HIGH

CVE-2017-3807 — Cisco Adaptive_security_appliance_software: A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-3807

A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potent CVSSv3.1 8.8 (HIGH)

CWECWE 119VNDCiscoVNDCommonTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-09
2017-02-09 15:59Z
HIGH

CVE-2016-6171 — Knot-dns Knot_dns: Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-6171

Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. CVSSv3.1 8.6 (HIGH)

CWECWE 400VNDKnot DnsVNDKnotTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-02-09
2017-02-09 15:59Z
HIGH

CVE-2016-5727 — Simplemachines Simple_machines_forum: LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5727

LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. CVSSv3.1 8.8 (HIGH)

CWECWE 94VNDSimplemachinesVNDLoginoutTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-09
2017-02-09 15:59Z
CRIT

CVE-2016-5726 — Simplemachines Simple_machines_forum: Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5726

Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 94VNDSimplemachinesTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-09
2017-02-09 15:59Z
CRIT

CVE-2016-2148 — Busybox Busybox: Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-2148

Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDCanonicalVNDBusyboxTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-09
2017-02-09 15:59Z
CRIT

CVE-2016-10192 — Ffmpeg Ffmpeg: Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10192

Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDHeapVNDFfmpegTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-09
2017-02-09 15:59Z
CRIT

CVE-2016-10191 — Ffmpeg Ffmpeg: Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10191

Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDHeapVNDFfmpegTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-09
2017-02-09 15:59Z
CRIT

CVE-2016-10190 — Ffmpeg Ffmpeg: Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10190

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDHeapVNDFfmpegTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-09
2017-02-09 15:59Z
HIGH

CVE-2015-8832 — Dotclear Dotclear: Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-8832

Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension. CVSSv3.1 8.8 (HIGH)

CWECWE 284VNDDotclearTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-02-09
2017-02-09 15:59Z
CRIT

CVE-2015-6024 — Netcommwireless Hspa_3g10wve_firmware: ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-6024

ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter. CVSSv3.1 9.8 (CRITICAL)

CWECWE 77VNDNetcommwirelessTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-08
2017-02-08 22:59Z
CRIT

CVE-2016-9005 — Ibm System_storage_ts3100-ts3200_tape_library: System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9005

IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system. CVSSv3.1 9.8 (CRITICAL)

CWECWE 284VNDIbmTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-08
2017-02-08 22:59Z
CRIT

CVE-2016-8954 — Ibm Dashdb_local: dashDB Local uses hard-coded credentials that could allow a remote attacker to gain

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8954

IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database. CVSSv3.1 9.8 (CRITICAL)

CWECWE 798VNDIbmTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-08
2017-02-08 17:59Z
CRIT

CVE-2017-2765 — Emc Isilon_insightiq: Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-2765

EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system. CVSSv3.1 9.8 (CRITICAL)

CWECWE 287VNDEmcTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-02-08
2017-02-08 15:59Z
CRIT

CVE-2016-8418 — Google Android: A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8418

A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457. CVSSv3.1 9.8 (CRITICAL)

CWECWE 284VNDGoogleTYPVulnerability
9.8
CVSS v3.1
99
Edit Score