Skip to main content
CVE-2015-6925 HIGH POC This Week

wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wolfssl
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-1134 HIGH This Week

Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Whr 1166Dhp Firmware Whr 300Hp2 Firmware Wmr 300 Firmware Bhr 4Grv2 Firmware +4
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1570 HIGH This Week

The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.0
8.5
EPSS
0.2%
CVE-2016-1572 HIGH PATCH This Week

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Ecryptfs Utils Ubuntu Linux Leap Opensuse +2
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2015-7909 HIGH This Week

Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Communication Engine Lifecare Pca Infusion System
NVD
CVSS 3.0
7.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy