2017-01-15
2017-01-15 02:59Z
HIGH

CVE-2017-5489 — Wordpress Wordpress: Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5489

Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDWordpressVNDCsrfTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-14
2017-01-14 19:59Z
CRIT

CVE-2016-8205 — Brocade Network_advisor: A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8205

A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. CVSSv3.1 9.8 (CRITICAL)

CWECWE 22VNDBrocadeTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-14
2017-01-14 19:59Z
CRIT

CVE-2016-8204 — Broadcom Brocade_network_advisor: A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8204

A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed. CVSSv3.1 9.8 (CRITICAL)

CWECWE 22VNDBroadcomTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-14
2017-01-14 19:59Z
HIGH

CVE-2016-8201 — Brocade Virtual_traffic_manager: A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8201

A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster. CVSSv3.1 8.0 (HIGH)

CWECWE 352VNDBrocadeVNDCsrfTYPVulnerability
8.0
CVSS v3.1
90
Edit Score
2017-01-14
2017-01-14 07:59Z
HIGH

CVE-2017-5476 — S9y Serendipity: through 2.0.5 allows CSRF for the installation of an event plugin or a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5476

Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDS9yVNDSerendipityTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-14
2017-01-14 07:59Z
HIGH

CVE-2017-5475 — S9y Serendipity: comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5475

comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDS9yVNDSerendipityTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-14
2017-01-14 07:59Z
HIGH

CVE-2017-5473 — Ntop Ntopng: Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2017-5473

Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua. CVSSv3.1 8.8 (HIGH)

CWECWE 352VNDNtopVNDCsrfTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2017-01-14
2017-01-14 07:59Z
HIGH

CVE-2016-10142 — Ietf Ipv6: That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10142

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not n CVSSv3.1 8.6 (HIGH)

CWECWE 17VNDIetfTYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2017-01-13
2017-01-13 19:59Z
HIGH

CVE-2010-5327 — Liferay Liferay_portal: Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2010-5327

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. CVSSv3.1 8.8 (HIGH)

CWECWE 264VNDLiferayTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2017-01-13
2017-01-13 16:59Z
CRIT

CVE-2016-2090 — Fedoraproject Fedora: Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-2090

Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDFedoraprojectVNDFreedesktopTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-13
2017-01-13 15:59Z
CRIT

CVE-2015-3188 — Apache Storm: The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-3188

The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. CVSSv3.1 9.8 (CRITICAL)

CWECWE 264VNDApacheTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-13
2017-01-13 09:59Z
HIGH

CVE-2016-3130 — Blackberry Enterprise_service: An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-3130

An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt. CVSSv3.1 8.1 (HIGH)

CWECWE 200CWECWE 255VNDBlackberryTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2017-01-13
2017-01-13 09:59Z
HIGH

CVE-2016-3128 — Blackberry Enterprise_service: A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-3128

A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES. CVSSv3.1 8.2 (HIGH)

CWECWE 254VNDBlackberryVNDCoreTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2017-01-13
2017-01-13 09:59Z
CRIT

CVE-2016-10141 — Artifex Mujs: An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-10141

An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDArtifexTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-12
2017-01-12 23:59Z
CRIT

CVE-2016-9299 — Jenkins Jenkins: The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9299

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. CVSSv3.1 9.8 (CRITICAL)

CWECWE 90VNDJenkinsVNDFedoraprojectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2017-01-12
2017-01-12 23:59Z
CRIT

CVE-2016-3152 — Barco Clickshare_csc-1_firmware: ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-3152

Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image. CVSSv3.1 9.8 (CRITICAL)

CWECWE 200VNDBarcoTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2016-12-09
2016-12-09 11:59Z
HIGH

CVE-2016-8858 — Openbsd Openssh: The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-8858

The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue." CVSSv3.1 7.5 (HIGH) · EPSS 96th percentile

CWECWE 400CWECWE 399TYPVulnerability
7.5
CVSS v3.1
96
Edit Score
2016-11-22
2016-11-22 19:59Z
CRIT

CVE-2016-9535 — Libtiff Libtiff: tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-9535

tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow." CVSSv3.1 9.8 (CRITICAL) · EPSS 70th percentile

CWECWE 119VNDLibtiffTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2016-09-01
2016-09-01 00:59Z
HIGH

CVE-2016-2183 — Redhat Jboss_enterprise_application_platform: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-2183

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. CVSSv3.1 7.5 (HIGH) · EPSS 97th percentile

CWECWE 200VNDDesTYPVulnerability
7.5
CVSS v3.1
99
Edit Score
2016-08-24
2016-08-24 02:00Z
HIGH

CVE-2016-5645 — Rockwellautomation 1766-l32awa: Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-5645

Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community. CVSSv3.1 7.3 (HIGH) · EPSS 97th percentile

CWECWE 284CWECWE 798VNDRockwellautomationVNDRockwellTYPVulnerability
7.3
CVSS v3.1
96
Edit Score
2016-03-22
2016-03-22 10:59Z
MED

CVE-2016-3115 — Openbsd Openssh: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-3115

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. CVSSv3.1 6.4 (MEDIUM) · EPSS 98th percentile

CWECWE 93VNDOracleVNDCrlfTYPVulnerability
6.4
CVSS v3.1
96
Edit Score
2016-01-14
2016-01-14 22:59Z
HIGH

CVE-2016-0778 — Oracle Linux: The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-0778

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings. CVSSv3.1 8.1 (HIGH) · EPSS 78th percentile

CWECWE 119VNDOracleTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2016-01-14
2016-01-14 22:59Z
MED

CVE-2016-0777 — Sophos Unified_threat_management_software: The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2016-0777

The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key. CVSSv3.1 6.5 (MEDIUM) · EPSS 99th percentile

CWECWE 200VNDOracleVNDSophosTYPVulnerability
6.5
CVSS v3.1
100
Edit Score
2015-10-28
2015-10-28 10:59Z
CRIT

CVE-2015-6490 — Rockwellautomation Micrologix_1100_firmware: Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-6490

Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices through B FRN 15.003 allows remote attackers to execute arbitrary code via unspecified vectors. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile

CWECWE 121CWECWE 119VNDStackVNDRockwellautomationTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2015-10-18
2015-10-18 19:59Z
MED

CVE-2015-6477 — Nordex Nordex_control_2_scada: Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2015-6477

Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. CVSSv3.1 6.1 (MEDIUM) · EPSS 97th percentile

CWECWE 79VNDXssVNDNordexTYPVulnerability
6.1
CVSS v3.1
90
Edit Score