Skip to main content
CVE-2016-1525 HIGH POC THREAT Act Now

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.7%.

Path Traversal Netgear Prosafe Network Management Software 300
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
82.7%
Threat
5.7
CVE-2016-1524 CRITICAL POC THREAT Emergency

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2). Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 65.7%.

Netgear Java File Upload Prosafe Network Management Software 300
NVD Exploit-DB
CVSS 3.0
9.6
EPSS
65.7%
Threat
5.4
CVE-2016-1522 HIGH POC This Week

Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Fedora +4
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2016-1521 HIGH This Week

The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Debian Linux +4
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2016-0865 HIGH This Week

Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote authenticated users to change arbitrary passwords via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Smartgrid Lighthouse Sensor Management System
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-1949 HIGH This Week

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Firefox
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-0863 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to hijack the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Smartgrid Lighthouse Sensor Management System
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-1526 HIGH This Week

The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Debian Linux Firefox +3
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2015-8630 HIGH PATCH This Week

The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Kerberos 5
NVD GitHub
CVSS 3.0
7.5
EPSS
3.0%
CVE-2015-8631 MEDIUM PATCH This Month

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Kerberos 5 Leap Opensuse Debian Linux +7
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2016-1523 MEDIUM PATCH This Month

The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Denial Of Service Fedora Firefox Thunderbird +2
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2016-0866 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smartgrid Lighthouse Sensor Management System
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-8629 MEDIUM PATCH This Month

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Kerberos 5 Linux +10
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2016-0864 MEDIUM This Month

Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Smartgrid Lighthouse Sensor Management System
NVD
CVSS 3.0
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy