Skip to main content
CVE-2016-10174 CRITICAL POC KEV THREAT Emergency

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow RCE Netgear
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
91.1%
Threat
7.7
CVE-2016-10176 CRITICAL POC PATCH THREAT Act Now

The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.6%.

RCE Netgear Wnr2000V5 Firmware
NVD Exploit-DB VulDB
CVSS 3.0
9.8
EPSS
86.6%
Threat
6.1
CVE-2016-6267 HIGH POC PATCH THREAT Act Now

SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

Trend Micro PHP Information Disclosure Smart Protection Server
NVD
CVSS 3.1
8.8
EPSS
72.5%
Threat
5.4
CVE-2016-10175 CRITICAL POC PATCH THREAT Act Now

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Netgear Information Disclosure Wnr2000V5 Firmware
NVD Exploit-DB VulDB
CVSS 3.0
9.8
EPSS
81.6%
Threat
5.9
CVE-2016-10182 CRITICAL POC THREAT Emergency

An issue was discovered on the D-Link DWR-932B router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.3%.

D-Link Command Injection Dwr 932B Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
49.3%
Threat
4.9
CVE-2016-10178 CRITICAL POC THREAT Emergency

An issue was discovered on the D-Link DWR-932B router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 22.2%.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
22.2%
Threat
4.1
CVE-2016-10177 CRITICAL POC THREAT Emergency

An issue was discovered on the D-Link DWR-932B router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.1%.

D-Link Authentication Bypass Dwr 932B Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
20.1%
Threat
4.1
CVE-2015-7978 HIGH Act Now

NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 42.5% and no vendor patch available.

Denial Of Service Ntp
NVD VulDB
CVSS 3.0
7.5
EPSS
42.5%
CVE-2016-6270 HIGH POC This Week

The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Command Injection Virtual Mobile Infrastructure
NVD
CVSS 3.1
8.8
EPSS
8.4%
CVE-2016-10181 HIGH POC THREAT Act Now

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.1%.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
12.1%
CVE-2016-10179 HIGH POC THREAT Act Now

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.0%.

D-Link Authentication Bypass Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
12.0%
CVE-2016-6269 CRITICAL POC PATCH Act Now

Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Trend Micro PHP Smart Protection Server
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2016-6266 HIGH POC PATCH This Week

ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Trend Micro PHP Information Disclosure Smart Protection Server
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2015-2180 HIGH POC This Week

The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webmail
NVD GitHub
CVSS 3.0
8.8
EPSS
2.7%
CVE-2015-2181 HIGH POC This Week

Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Webmail
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2016-10184 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
5.5%
CVE-2016-10183 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D-Link Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
5.5%
CVE-2017-5611 CRITICAL PATCH Act Now

SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.4%.

WordPress SQLi PHP Debian Linux Data Integrator
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
12.4%
CVE-2016-10180 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
3.5%
CVE-2016-10186 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
3.0%
CVE-2016-10185 HIGH POC This Week

An issue was discovered on the D-Link DWR-932B router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Information Disclosure Dwr 932B Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
3.0%
CVE-2016-2399 HIGH POC This Week

Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Libquicktime
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.9%
CVE-2016-6167 HIGH POC This Week

Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Putty
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-6268 HIGH POC PATCH This Week

Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Trend Micro Privilege Escalation Smart Protection Server
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-7798 HIGH POC PATCH This Week

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass OpenSSL Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2015-8139 MEDIUM This Month

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

Authentication Bypass Ntp
NVD
CVSS 3.0
5.3
EPSS
30.1%
CVE-2015-8140 MEDIUM This Month

The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 29.9% and no vendor patch available.

Authentication Bypass Ntp
NVD
CVSS 3.0
4.8
EPSS
29.9%
CVE-2016-6604 CRITICAL Act Now

NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google Samsung Exynos Fimg2D
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-9132 CRITICAL PATCH Act Now

In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Botan
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-5434 MEDIUM POC This Month

libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Pacman
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2015-7977 MEDIUM This Month

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.4% and no vendor patch available.

Null Pointer Dereference Denial Of Service Ntp Linux Tim 4R Ie Firmware +7
NVD VulDB
CVSS 3.1
5.9
EPSS
16.4%
CVE-2016-9939 HIGH PATCH This Week

Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Crypto Debian Linux
NVD
CVSS 3.0
7.5
EPSS
5.9%
CVE-2015-7979 HIGH This Week

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp
NVD
CVSS 3.0
7.5
EPSS
4.2%
CVE-2015-7973 MEDIUM This Month

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ntp Tim 4R Ie Firmware Tim 4R Ie Dnp3 Firmware Freebsd +3
NVD VulDB
CVSS 3.1
6.5
EPSS
8.6%
CVE-2016-7544 HIGH PATCH This Week

Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Crypto
NVD GitHub
CVSS 3.0
7.5
EPSS
3.3%
CVE-2017-5627 HIGH This Week

An issue was discovered in Artifex Software, Inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Mujs
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-5628 HIGH This Week

An issue was discovered in Artifex Software, Inc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Mujs
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-2519 MEDIUM This Month

ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Ntp
NVD
CVSS 3.0
5.9
EPSS
9.5%
CVE-2016-10087 HIGH This Week

The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libpng
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2015-8158 MEDIUM This Month

The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Ntp
NVD
CVSS 3.0
5.9
EPSS
8.1%
CVE-2015-7331 MEDIUM This Month

The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Mcollective Puppet Agent
NVD
CVSS 3.0
6.6
EPSS
0.4%
CVE-2017-5572 MEDIUM This Month

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Privilege Escalation Xenserver
NVD VulDB
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-5632 MEDIUM This Month

An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rt N56U Firmware
NVD VulDB
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2402 MEDIUM PATCH This Month

OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Okhttp Okhttp3
NVD
CVSS 3.1
5.9
EPSS
2.7%
CVE-2017-5612 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress PHP Debian Linux
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
1.5%
CVE-2015-7975 MEDIUM This Month

The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Ntp
NVD VulDB
CVSS 3.0
6.2
EPSS
0.4%
CVE-2016-9119 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Moinmoin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2016-2516 MEDIUM This Month

NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Ntp
NVD
CVSS 3.0
5.3
EPSS
3.6%
CVE-2016-2518 MEDIUM PATCH This Month

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ntp Debian Linux Clustered Data Ontap +14
NVD
CVSS 3.1
5.3
EPSS
3.5%
CVE-2016-2517 MEDIUM This Month

NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Ntp
NVD
CVSS 3.0
5.3
EPSS
3.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy