Skip to main content
CVE-2015-8139 MEDIUM This Month

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.1% and no vendor patch available.

Authentication Bypass Ntp
NVD
CVSS 3.0
5.3
EPSS
30.1%
CVE-2015-8140 MEDIUM This Month

The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 29.9% and no vendor patch available.

Authentication Bypass Ntp
NVD
CVSS 3.0
4.8
EPSS
29.9%
CVE-2016-5434 MEDIUM POC This Month

libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Pacman
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2015-7977 MEDIUM This Month

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.4% and no vendor patch available.

Null Pointer Dereference Denial Of Service Ntp Linux Tim 4R Ie Firmware +7
NVD VulDB
CVSS 3.1
5.9
EPSS
16.4%
CVE-2015-7973 MEDIUM This Month

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ntp Tim 4R Ie Firmware Tim 4R Ie Dnp3 Firmware Freebsd +3
NVD VulDB
CVSS 3.1
6.5
EPSS
8.6%
CVE-2016-2519 MEDIUM This Month

ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Ntp
NVD
CVSS 3.0
5.9
EPSS
9.5%
CVE-2015-8158 MEDIUM This Month

The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Ntp
NVD
CVSS 3.0
5.9
EPSS
8.1%
CVE-2015-7331 MEDIUM This Month

The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Mcollective Puppet Agent
NVD
CVSS 3.0
6.6
EPSS
0.4%
CVE-2017-5572 MEDIUM This Month

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Privilege Escalation Xenserver
NVD VulDB
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-5632 MEDIUM This Month

An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rt N56U Firmware
NVD VulDB
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2402 MEDIUM PATCH This Month

OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Okhttp Okhttp3
NVD
CVSS 3.1
5.9
EPSS
2.7%
CVE-2017-5612 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress PHP Debian Linux
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
1.5%
CVE-2015-7975 MEDIUM This Month

The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Ntp
NVD VulDB
CVSS 3.0
6.2
EPSS
0.4%
CVE-2016-9119 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Moinmoin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2016-2516 MEDIUM This Month

NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Ntp
NVD
CVSS 3.0
5.3
EPSS
3.6%
CVE-2016-2518 MEDIUM PATCH This Month

The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ntp Debian Linux Clustered Data Ontap +14
NVD
CVSS 3.1
5.3
EPSS
3.5%
CVE-2016-2517 MEDIUM This Month

NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Ntp
NVD
CVSS 3.0
5.3
EPSS
3.0%
CVE-2015-8138 MEDIUM This Month

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ntp
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2016-5026 MEDIUM PATCH This Month

hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Onionshare
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-5610 MEDIUM PATCH This Month

wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress PHP Information Disclosure Debian Linux
NVD GitHub VulDB
CVSS 3.0
5.3
EPSS
0.9%
CVE-2016-2217 MEDIUM PATCH This Month

The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Socat
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-5573 MEDIUM This Month

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenserver
NVD VulDB
CVSS 3.0
4.9
EPSS
0.4%
CVE-2015-7976 MEDIUM This Month

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ntp Linux Enterprise Debuginfo Manager Manager Proxy +6
NVD VulDB
CVSS 3.0
4.3
EPSS
3.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy