Skip to main content
CVE-2016-2177 CRITICAL PATCH Act Now

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 29.1%.

Integer Overflow Denial Of Service OpenSSL Icewall Mcrp Icewall Sso +3
NVD
CVSS 3.0
9.8
EPSS
29.1%
CVE-2016-2362 CRITICAL Act Now

Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 has a hardcoded password for the FTP account, which allows remote attackers to obtain access via a (1) FTP or (2) SSH connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fonality
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-2363 HIGH This Week

Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fonality
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8289 HIGH This Week

The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure D3600 Firmware D6000 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-2364 HIGH This Week

The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously trixbox Pro) 12.6 through 14.1i uses the same hardcoded private key across different customers' installations, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Hud Web Fonality Chrome
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-8288 MEDIUM This Month

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Netgear Information Disclosure D3600 Firmware D6000 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2016-2178 MEDIUM PATCH This Month

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure OpenSSL Linux Solaris Linux Enterprise +3
NVD
CVSS 3.1
5.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy