Skip to main content
CVE-2016-9813 MEDIUM POC This Month

The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gstreamer
NVD Exploit-DB VulDB
CVSS 3.0
5.5
EPSS
4.8%
CVE-2016-7431 MEDIUM This Month

NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.6% and no vendor patch available.

Authentication Bypass Ntp
NVD VulDB
CVSS 3.0
5.3
EPSS
18.6%
CVE-2016-9310 MEDIUM This Month

The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp
NVD VulDB
CVSS 3.0
6.5
EPSS
4.0%
CVE-2016-9311 MEDIUM This Month

ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service Ntp
NVD VulDB
CVSS 3.0
5.9
EPSS
4.8%
CVE-2016-7433 MEDIUM This Month

NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ntp
NVD VulDB
CVSS 3.0
5.3
EPSS
6.8%
CVE-2017-3890 MEDIUM This Month

A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Appliance X Workspaces Vapp
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-8671 MEDIUM This Month

The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Matrixssl
NVD VulDB
CVSS 3.0
5.9
EPSS
0.4%
CVE-2016-6887 MEDIUM PATCH This Month

The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Matrixssl
NVD VulDB
CVSS 3.0
5.9
EPSS
0.3%
CVE-2016-9807 MEDIUM PATCH This Month

The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Gstreamer
NVD VulDB
CVSS 3.0
5.5
EPSS
0.8%
CVE-2016-9810 MEDIUM This Month

The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Gstreamer
NVD VulDB
CVSS 3.0
5.5
EPSS
0.7%
CVE-2016-8883 MEDIUM PATCH This Month

The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Jasper
NVD GitHub VulDB
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-8882 MEDIUM PATCH This Month

The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Jasper
NVD GitHub VulDB
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-10135 MEDIUM This Month

An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Lg Mobile
NVD VulDB
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-0398 MEDIUM This Month

An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD VulDB
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-8467 MEDIUM PATCH This Month

An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Privilege Escalation Android
NVD VulDB
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-7428 MEDIUM This Month

ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp
NVD VulDB
CVSS 3.0
4.3
EPSS
5.3%
CVE-2016-7427 MEDIUM This Month

The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp
NVD VulDB
CVSS 3.0
4.3
EPSS
5.3%
CVE-2016-9811 MEDIUM This Month

The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Gstreamer Fedora +7
NVD VulDB
CVSS 3.1
4.7
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy