Skip to main content
CVE-2015-7974 HIGH POC THREAT Act Now

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.7%.

Authentication Bypass Ntp Tim 4R Ie Firmware Tim 4R Ie Dnp3 Firmware Clustered Data Ontap +2
NVD
CVSS 3.1
7.7
EPSS
10.7%
CVE-2015-8379 HIGH POC PATCH This Week

CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Cakephp
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1567 HIGH POC PATCH This Week

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Chrony
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-1491 HIGH This Week

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Lenovo Authentication Bypass Shareit
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2016-1489 HIGH This Week

Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network. Rated high severity (CVSS 8.0), this vulnerability is no authentication required. No vendor patch available.

Lenovo Google Information Disclosure Microsoft Shareit
NVD
CVSS 3.0
8.0
EPSS
0.6%
CVE-2016-1233 HIGH This Week

An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Debian Privilege Escalation Fuse
NVD
CVSS 3.0
7.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy