Skip to main content
CVE-2016-4054 HIGH Act Now

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 79.9% and no vendor patch available.

RCE Buffer Overflow Ubuntu Linux Squid Linux
NVD
CVSS 3.0
8.1
EPSS
79.9%
Threat
4.0
CVE-2016-4052 HIGH PATCH Act Now

Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.6%.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Squid
NVD
CVSS 3.0
8.1
EPSS
23.6%
CVE-2016-2346 HIGH POC This Week

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Pl Sql Developer
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2016-2115 MEDIUM PATCH This Month

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.7%.

Information Disclosure Ubuntu Linux Samba
NVD
CVSS 3.0
5.9
EPSS
22.7%
CVE-2015-5370 MEDIUM PATCH This Month

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.1%.

RCE Denial Of Service Samba Ubuntu Linux
NVD
CVSS 3.0
5.9
EPSS
21.1%
CVE-2016-4051 HIGH PATCH This Week

Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Linux +1
NVD
CVSS 3.0
8.8
EPSS
5.9%
CVE-2016-4077 MEDIUM POC This Month

epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-2331 CRITICAL Act Now

The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Syslink Sl 1000 Modular Gateway Firmware
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-2110 MEDIUM PATCH This Month

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.7%.

Information Disclosure Samba Ubuntu Linux
NVD
CVSS 3.0
5.9
EPSS
17.7%
CVE-2016-2112 MEDIUM PATCH This Month

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.6%.

Information Disclosure Samba Ubuntu Linux
NVD
CVSS 3.0
5.9
EPSS
16.6%
CVE-2016-2332 HIGH This Week

flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Syslink Sl 1000 Modular Gateway Firmware
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-2113 HIGH PATCH This Week

Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Samba Ubuntu Linux
NVD
CVSS 3.0
7.4
EPSS
4.2%
CVE-2016-1202 HIGH PATCH This Week

Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Node.js Electron
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8852 HIGH This Week

Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Varnish Cache Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-2333 HIGH This Week

SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syslink Sl 1000 Modular Gateway Firmware
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-2114 MEDIUM PATCH This Month

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Samba Ubuntu Linux
NVD
CVSS 3.0
5.9
EPSS
5.9%
CVE-2016-4053 LOW PATCH Monitor

Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.5%.

Buffer Overflow Squid Linux Ubuntu Linux
NVD
CVSS 3.0
3.7
EPSS
16.5%
CVE-2016-2111 MEDIUM PATCH This Month

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required.

Information Disclosure Samba Ubuntu Linux
NVD
CVSS 3.0
6.3
EPSS
2.8%
CVE-2016-4085 MEDIUM This Month

Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Buffer Overflow Solaris Debian Linux Wireshark
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2016-4081 MEDIUM This Month

epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Authentication Bypass Wireshark
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2016-4080 MEDIUM This Month

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2016-4078 MEDIUM This Month

The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2016-4082 MEDIUM PATCH This Month

epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Wireshark Debian Linux Solaris
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-4079 MEDIUM This Month

epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not verify BER identifiers, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Solaris Wireshark
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-4083 MEDIUM This Month

epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-4006 MEDIUM This Month

epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not limit the protocol-tree depth, which allows remote attackers to cause a denial of service (stack memory consumption and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-4076 MEDIUM This Month

epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Authentication Bypass Wireshark
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-4084 MEDIUM This Month

Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2016-1185 LOW Monitor

The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application. Rated low severity (CVSS 2.5), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Kintone
NVD
CVSS 3.0
2.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy