Skip to main content
CVE-2016-6210 MEDIUM POC THREAT This Month

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 90.0%.

SSH Information Disclosure
NVD Exploit-DB VulDB
CVSS 3.1
5.9
EPSS
90.0%
Threat
5.4
CVE-2017-5162 CRITICAL POC THREAT Emergency

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.1%.

Authentication Bypass Universal Multifunctional Electric Power Quality Meter Firmware
NVD
CVSS 3.0
9.8
EPSS
60.1%
Threat
5.3
CVE-2017-5146 HIGH POC THREAT Act Now

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.6%.

Information Disclosure Vmu C Em Firmware Vmu C Pv Firmware
NVD
CVSS 3.0
7.5
EPSS
64.6%
Threat
4.9
CVE-2016-9361 CRITICAL POC THREAT Emergency

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.6%.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
49.6%
Threat
4.9
CVE-2016-9332 HIGH POC THREAT Act Now

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.7%.

Denial Of Service Softcms
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
29.7%
CVE-2016-9349 HIGH POC THREAT Act Now

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 23.7%.

Information Disclosure Susiaccess
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
23.7%
CVE-2016-8377 HIGH POC This Week

An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Plc Winproladder Firmware
NVD Exploit-DB
CVSS 3.1
8.0
EPSS
8.7%
CVE-2016-5809 HIGH POC This Week

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Schneider Electric Ion5000 Ion7300 Ion7500 +3
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-9351 HIGH POC This Week

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Path Traversal File Upload Susiaccess
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
3.7%
CVE-2016-9369 CRITICAL Act Now

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
7.4%
CVE-2016-8352 CRITICAL Act Now

An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Schneider Electric Connexium Firmware
NVD
CVSS 3.0
10.0
EPSS
2.5%
CVE-2016-2788 CRITICAL Act Now

MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Marionette Collective Puppet Enterprise
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-5144 CRITICAL Act Now

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vmu C Em Firmware Vmu C Pv Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2015-8768 CRITICAL PATCH Act Now

click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ubuntu Privilege Escalation Click Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2016-7565 CRITICAL PATCH Act Now

install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass PHP Exponent Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2016-8363 CRITICAL Act Now

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Oncellg3470A Lte Firmware Awk 4131A Firmware Awk 3191 Firmware Awk 5232 Firmware +10
NVD
CVSS 3.0
10.0
EPSS
0.3%
CVE-2015-8771 CRITICAL PATCH Act Now

The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Gosa Plugin
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-5145 CRITICAL Act Now

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Vmu C Em Firmware Vmu C Pv Firmware
NVD
CVSS 3.0
10.0
EPSS
0.2%
CVE-2016-9343 CRITICAL Act Now

An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Rockwell Softlogix 5800 Controller Firmware +15
NVD
CVSS 3.1
10.0
EPSS
0.1%
CVE-2016-8347 CRITICAL Act Now

An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webdatorcentral
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2016-8355 CRITICAL Act Now

An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cadd Solis Medication Safety Software
NVD
CVSS 3.0
9.9
EPSS
0.4%
CVE-2016-5815 CRITICAL Act Now

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Schneider Electric Ion5000 Ion7300 Ion7500 +3
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2016-8859 CRITICAL Act Now

Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Musl
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2017-5159 CRITICAL Act Now

An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mguard Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2016-9333 CRITICAL Act Now

An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Softcms
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2016-8364 CRITICAL Act Now

An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow S7 Softplc
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-5154 CRITICAL Act Now

An issue was discovered in Advantech WebAccess Version 8.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webaccess
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-8348 CRITICAL Act Now

An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XXE Liebert Sitescan Web
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-8378 CRITICAL Act Now

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenesys Bas Bridge
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-5166 CRITICAL Act Now

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Universal Multifunctional Electric Power Quality Meter Firmware
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-5140 CRITICAL Act Now

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell Information Disclosure Xl Web Ii Controller
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-5139 CRITICAL Act Now

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Honeywell Information Disclosure Xl Web Ii Controller
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-5818 CRITICAL PATCH Act Now

An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Schneider Electric Powerlogic Pm8Ecc Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-5100 CRITICAL PATCH Act Now

Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Froxlor
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-8341 CRITICAL Act Now

An issue was discovered in Ecava IntegraXor Version 5.0.413.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Integraxor
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-8567 CRITICAL Act Now

An issue was discovered in Siemens SICAM PAS before 8.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Sicam Pas Pqs
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2016-9366 CRITICAL Act Now

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2016-5803 HIGH This Week

An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Unified Infrastructure Management
NVD
CVSS 3.0
8.6
EPSS
5.4%
CVE-2017-5152 CRITICAL Act Now

An issue was discovered in Advantech WebAccess Version 8.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webaccess
NVD
CVSS 3.0
9.1
EPSS
1.0%
CVE-2017-5143 HIGH This Week

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Honeywell Xl Web Ii Controller
NVD
CVSS 3.0
8.6
EPSS
3.2%
CVE-2016-9362 CRITICAL Act Now

An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pfc200 Firmware 750 Xxxx Series Firmware 758 Xxxx Series Firmware
NVD
CVSS 3.0
9.1
EPSS
0.4%
CVE-2017-5142 CRITICAL Act Now

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Honeywell Privilege Escalation Xl Web Ii Controller
NVD
CVSS 3.0
9.1
EPSS
0.3%
CVE-2016-3616 HIGH This Week

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service RCE Libjpeg Turbo Enterprise Linux +2
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-5149 HIGH This Week

An issue was discovered in St. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Null Pointer Dereference Denial Of Service Merlin Home Firmware
NVD
CVSS 3.1
8.9
EPSS
0.3%
CVE-2016-5796 HIGH This Week

An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Automation Fv Designer Automation Pm Designer
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-8369 HIGH This Week

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenesys Bas Bridge
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-9365 HIGH This Week

An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2016-8368 HIGH This Week

An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qj71E71 100 Firmware Qj71E71 B5 Firmware Qj71E71 B2 Firmware
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2016-5782 HIGH This Week

An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Lgate Firmware
NVD
CVSS 3.0
8.6
EPSS
0.9%
CVE-2017-5167 HIGH This Week

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Universal Multifunctional Electric Power Quality Meter Firmware
NVD
CVSS 3.0
8.6
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy