Skip to main content
CVE-2016-7434 HIGH POC THREAT Act Now

The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.4%.

Denial Of Service Ntp Hpux Ntp
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
62.4%
Threat
4.9
CVE-2016-10140 HIGH Act Now

Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 34.2% and no vendor patch available.

Authentication Bypass Apache Information Disclosure Zoneminder
NVD GitHub VulDB
CVSS 3.0
7.5
EPSS
34.2%
CVE-2016-9808 HIGH POC This Week

The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Gstreamer
NVD VulDB
CVSS 3.0
7.5
EPSS
5.5%
CVE-2015-3188 CRITICAL PATCH Act Now

The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.4%.

Apache Privilege Escalation RCE Storm
NVD VulDB
CVSS 3.0
9.8
EPSS
12.4%
CVE-2016-9312 HIGH Act Now

ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.6% and no vendor patch available.

Denial Of Service Microsoft Ntp
NVD VulDB
CVSS 3.0
7.5
EPSS
19.6%
CVE-2016-9813 MEDIUM POC This Month

The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gstreamer
NVD Exploit-DB VulDB
CVSS 3.0
5.5
EPSS
4.8%
CVE-2016-2090 CRITICAL PATCH Act Now

Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Fedora Libbsd Debian Linux Ubuntu Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2016-10141 CRITICAL Act Now

An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Denial Of Service Buffer Overflow Mujs
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2016-7426 HIGH Act Now

NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.7% and no vendor patch available.

Denial Of Service Ntp Ubuntu Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD VulDB
CVSS 3.1
7.5
EPSS
11.7%
CVE-2016-7431 MEDIUM This Month

NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.6% and no vendor patch available.

Authentication Bypass Ntp
NVD VulDB
CVSS 3.0
5.3
EPSS
18.6%
CVE-2016-3128 HIGH This Week

A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Service
NVD VulDB
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-3130 HIGH This Week

An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Enterprise Service
NVD VulDB
CVSS 3.0
8.1
EPSS
0.3%
CVE-2016-9809 HIGH This Week

Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Gstreamer
NVD VulDB
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-5364 HIGH PATCH This Week

Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Denial Of Service Foxit Pdf Toolkit
NVD VulDB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-10136 HIGH This Week

An issue was discovered on BLU R1 HD devices with Shanghai Adups software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Adups Fota
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-10138 HIGH This Week

An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Code Injection Adups Fota
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-10137 HIGH This Week

An issue was discovered on BLU R1 HD devices with Shanghai Adups software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Adups Fota
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-10139 HIGH This Week

An issue was discovered on BLU R1 HD devices with Shanghai Adups software. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Adups Fota
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-9812 HIGH This Week

The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Gstreamer
NVD VulDB
CVSS 3.0
7.5
EPSS
1.4%
CVE-2016-9107 HIGH PATCH This Week

The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Gajim Otr
NVD VulDB
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-6886 HIGH PATCH This Week

The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Matrixssl
NVD VulDB
CVSS 3.0
7.5
EPSS
0.8%
CVE-2016-6885 HIGH PATCH This Week

The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Matrixssl
NVD VulDB
CVSS 3.0
7.5
EPSS
0.7%
CVE-2016-9882 HIGH PATCH This Week

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Capi Release Cf Release
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2016-9310 MEDIUM This Month

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp
NVD VulDB
CVSS 3.0
6.5
EPSS
4.0%
CVE-2016-9311 MEDIUM This Month

ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service Ntp
NVD VulDB
CVSS 3.0
5.9
EPSS
4.8%
CVE-2016-7433 MEDIUM This Month

NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ntp
NVD VulDB
CVSS 3.0
5.3
EPSS
6.8%
CVE-2017-3890 MEDIUM This Month

A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Appliance X Workspaces Vapp
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-8671 MEDIUM This Month

The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Matrixssl
NVD VulDB
CVSS 3.0
5.9
EPSS
0.4%
CVE-2016-6887 MEDIUM PATCH This Month

The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Matrixssl
NVD VulDB
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-9807 MEDIUM PATCH This Month

The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Gstreamer
NVD VulDB
CVSS 3.0
5.5
EPSS
0.8%
CVE-2016-9810 MEDIUM This Month

The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Gstreamer
NVD VulDB
CVSS 3.0
5.5
EPSS
0.7%
CVE-2016-8883 MEDIUM PATCH This Month

The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Jasper
NVD GitHub VulDB
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-8882 MEDIUM PATCH This Month

The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Jasper
NVD GitHub VulDB
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-10135 MEDIUM This Month

An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Lg Mobile
NVD VulDB
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-0398 MEDIUM This Month

An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD VulDB
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8467 MEDIUM PATCH This Month

An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Privilege Escalation Android
NVD VulDB
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-7428 MEDIUM This Month

ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp
NVD VulDB
CVSS 3.0
4.3
EPSS
5.3%
CVE-2016-7427 MEDIUM This Month

The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp
NVD VulDB
CVSS 3.0
4.3
EPSS
5.3%
CVE-2016-9811 MEDIUM This Month

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Gstreamer Fedora +7
NVD VulDB
CVSS 3.1
4.7
EPSS
0.5%
CVE-2016-7429 LOW Monitor

NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Ntp
NVD VulDB
CVSS 3.0
3.7
EPSS
5.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy