Skip to main content
CVE-2016-6890 CRITICAL PATCH Act Now

Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote attackers to execute arbitrary code via a crafted Subject Alt Name in an X.509 certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

RCE Buffer Overflow Matrixssl
NVD GitHub
CVSS 3.0
9.8
EPSS
13.6%
CVE-2016-9754 HIGH POC PATCH This Week

The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-10009 HIGH POC PATCH This Week

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSH Information Disclosure
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.3
EPSS
1.6%
CVE-2016-10010 HIGH POC PATCH This Week

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to. Rated high severity (CVSS 7.0). Public exploit code available.

SSH Privilege Escalation
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.0
EPSS
0.1%
CVE-2015-3441 HIGH This Week

The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Drgos
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-10030 HIGH PATCH This Week

The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Slurm
NVD GitHub
CVSS 3.0
8.1
EPSS
0.8%
CVE-2016-6892 HIGH PATCH This Week

The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Matrixssl
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2016-6891 HIGH PATCH This Week

MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow Matrixssl
NVD GitHub
CVSS 3.0
7.5
EPSS
2.6%
CVE-2016-10012 HIGH PATCH This Week

The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

SSH Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-7169 MEDIUM PATCH This Month

Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal WordPress PHP
NVD GitHub
CVSS 3.0
6.3
EPSS
3.0%
CVE-2016-10011 MEDIUM PATCH This Month

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

SSH Information Disclosure
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2017-5179 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nessus
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-7168 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS WordPress PHP
NVD GitHub
CVSS 3.0
4.8
EPSS
0.8%
CVE-2016-8006 MEDIUM This Month

Authentication bypass vulnerability in Enterprise Security Manager (ESM) and License Manager (LM) in Intel Security McAfee Security Information and Event Management (SIEM) 9.6.0 MR3 allows an. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Authentication Bypass Security Information And Event Management
NVD
CVSS 3.0
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy