Skip to main content
CVE-2016-2842 CRITICAL Emergency

The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 54.3% and no vendor patch available.

OpenSSL Denial Of Service Buffer Overflow
NVD
CVSS 3.0
9.8
EPSS
54.3%
CVE-2016-0799 CRITICAL Emergency

The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.5% and no vendor patch available.

OpenSSL Denial Of Service Buffer Overflow Client Steel Belted Radius
NVD
CVSS 3.0
9.8
EPSS
43.5%
CVE-2016-0797 HIGH PATCH Act Now

Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 34.2%.

Denial Of Service OpenSSL Buffer Overflow Node Js Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
34.2%
CVE-2016-0705 CRITICAL PATCH Act Now

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.7%.

Denial Of Service OpenSSL Buffer Overflow MySQL Android +2
NVD
CVSS 3.0
9.8
EPSS
20.7%
CVE-2016-0798 HIGH Act Now

Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.0% and no vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 3.0
7.5
EPSS
26.0%
CVE-2016-1329 CRITICAL Act Now

Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass X14J Firmware Opensolaris Gs1900 10Hp Firmware +1
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2016-1359 HIGH This Week

Cisco Prime Infrastructure 3.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP request that is mishandled during viewing of a log file, aka Bug ID CSCuw81494. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Prime Infrastructure
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-1158 HIGH This Week

Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cg Wlbargmh Firmware Cg Wlbargnl Firmware
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2015-0718 HIGH This Week

Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Computing System Nx Os Jr6150 Firmware +4
NVD
CVSS 3.0
7.5
EPSS
6.0%
CVE-2015-6260 HIGH This Week

Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Gs1900 10Hp Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-1358 MEDIUM This Month

Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco XXE Buffer Overflow Prime Infrastructure
NVD
CVSS 3.0
6.4
EPSS
0.5%
CVE-2016-1355 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Firesight System Software
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-1354 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Domain Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-0227 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Business Process Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-1288 MEDIUM This Month

The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x before 9.0.0-485 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (service outage) by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Web Security Appliance
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-1357 MEDIUM This Month

The password-management administration component in Cisco Policy Suite (CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Cisco Policy Suite
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-0702 MEDIUM PATCH This Month

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

OpenSSL Intel Information Disclosure Node Js Debian Linux +1
NVD
CVSS 3.1
5.1
EPSS
0.5%
CVE-2016-1356 LOW Monitor

Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Authentication Bypass Firesight System Software
NVD
CVSS 3.0
3.7
EPSS
0.2%
CVE-2015-7490 LOW Monitor

IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Infosphere Information Server
NVD
CVSS 3.0
3.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy